The Wordfence Threat Intelligence team has discovered a vulnerability present in two themes by Elegant Themes, Divi and Extra, as well as Divi Builder, a WordPress plugin. Combined, these products are installed on an estimated 700,000 sites.
This flaw gave authenticated attackers with contributor-level or higher capabilities the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server. The affected products have now been patched.
Elegant Themes is the creator behind one of the most popular premium themes, Divi. One of the features of the Divi theme is that it comes with the Divi Page Builder that makes the site design and editing process easy and customizable. In addition to the Divi theme, Elegant Themes offers an alternative theme, Extra, that includes the Divi Builder. The standalone Divi Builder plugin is also available and can be used with any theme.
As part of the Divi Builder functionality, users that have the ability to create posts can import and export Divi page templates using the portability feature.
How to Update your Divi Builder Elegant Themes Product
As long as you have supplied your Elegant Themes Username and API key on your WordPress site, then you can take care of your updates directly in the updates area on your site. To do so, log into your site, and navigate to the “Updates” area. Select the Elegant Themes product you would like to update and just click “Update Plugin” or “Update Theme” depending on which product you are updating.
Also, please note that Elegant Themes has made this patch available to users, even if your account is expired.
Stay protected by disabling code execution in the uploads directory using the Wordfence plugin
Wordfence has a feature to disable code execution in the uploads directory. Even if you are not using one of Elegant Themes' vulnerable products, we highly recommend enabling this setting, as it provides additional protection against vulnerabilities like this one that may erroneously allow PHP files to be uploaded into the uploads directory.
With this option enabled, attackers will not be able to execute PHP files uploaded into the uploads directory, providing an extra layer of security and helping to thwart attacks like this one. In the event that a zero-day vulnerability is discovered and actively exploited before a custom firewall rule exists, having this feature enabled can help keep your site protected. Read more about this on the Wordfence blog.
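For sites that cannot or do not use the Wordfence option, the same protection can be applied by hand. The following `.htaccess` fragment is an added example written for this article, not the file Wordfence itself generates (which may differ in detail), and it assumes an Apache web server where `AllowOverride` permits `<FilesMatch>` directives in `wp-content/uploads/`:

```apache
# Added example (not Wordfence's own generated file): place this in
# wp-content/uploads/.htaccess so Apache refuses to serve, and therefore
# never executes, any PHP-like file that lands in the uploads tree.
# Assumes AllowOverride allows FilesMatch/Require/Order in this directory.

# Apache 2.4 and later (mod_authz_core present)
<IfModule mod_authz_core.c>
    <FilesMatch "\.(?:php[0-9]?|phtml|phar)$">
        Require all denied
    </FilesMatch>
</IfModule>

# Apache 2.2 fallback (mod_authz_core absent)
<IfModule !mod_authz_core.c>
    <FilesMatch "\.(?:php[0-9]?|phtml|phar)$">
        Order allow,deny
        Deny from all
    </FilesMatch>
</IfModule>
```

To confirm the rule is active, place a harmless file such as `wp-content/uploads/test.php` containing only `<?php echo 'blocked?';` and request it in a browser: a correctly protected site returns a 403 instead of the text, after which the test file should be deleted. Note that nginx ignores `.htaccess` entirely, so on nginx the equivalent restriction must be a `location` block in the server configuration that denies requests for `.php` paths under `/wp-content/uploads/`.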
Special thanks to Mitch, from Elegant Themes, for working to quickly get a patch out to protect Elegant Themes users.