If you are someone who is using the WordPress Divi Themes, you might want to update it right away. Just last week, Elegant Themes announced that several of their products contained a code injection vulnerability, their team discovered this during a routine code audit.
What is the vulnerability?
Code Injection, also called Remote Code Execution (RCE), is a general term for attacks that exploit poor handling of untrusted data. The code injection vulnerability can allow an attacker to install malware on a website. The Divi vulnerability allows users who are logged in to execute a small set of PHP functions.
Who is affected?
WordPress Websites who are using Divi version 3.23 and above, Extra 2.23 and above or Divi Builder version 2.23 and above, are affected.
What is the fix?
Updating your themes and plugins will fix this problem. You can update your themes and plugins from within your WordPress dashboard, or you can download the latest versions from the members area and update them manually.