Elegant Themes 安全性升級通知
2018/10/31 收到 Elegant Themes 的郵件通知,Divi、Extra 佈景主題與 Divi Builder 外掛有安全性問題需要升級。主要問題影響,是在非管理員的使用者可以透過 Divi Builder 來使用原本只限於管理員使用的 HTML 語法。
請 VIP 會員盡速升級到最新版本。
詳細內容:
Elegant Themes Security Update
Today our Divi, Extra and Divi Builder products were updated to improve overall security and to fix security issues identified by our team and an independent security researcher during a scheduled internal code audit. Updating these products to their latest versions will apply the patch, keeping your website secure.
The Problem
A privilege escalation vulnerability was discovered that could allow low level users, such as Authors, to use unfiltered HTML inside of post content when using the Divi Builder. Using such code in posts is typically reserved for admins.
Are You Affected?
The problems identified affect all websites using the Divi theme, Extra theme or the Divi Builder plugin. Specifically it affects these websites that also have open user registration or low level post authors.
How To Fix It
Updating your themes and plugins will patch the bugs and improve the security of your website. You can update your themes or plugin from within your WordPress dashboard, or you can download the latest versions from the members area and update them manually.
Has Your Account Expired?
We are making these updates available for free to all expired accounts. Even if your account has expired, you can still update your themes or plugins to their latest versions via your WordPress dashboard. Expired accounts will not be restricted from updating.
頁:
[1]