ElegantThemes Divi Provide Security Fix (Expired Accounts Included). Update now!

Just received this e-mail:

Elegant Themes Security Update

Today Divi, Extra and the Divi Builder plugin were updated to fix a security vulnerability. Updating these themes and plugins to their latest versions will fix the problem and keep your website secure.

The Problem

A code injection vulnerability was discovered by our team during a routine code audit that could allow logged in contributors, authors and editors to execute a small set of PHP functions.

Are You Affected?

Every website with potentially untrustworthy contributor, author and editor users using Divi version 3.23 and above, Extra 2.23 and above or Divi Builder version 2.23 and above is affected and should update to the latest product versions. Product versions 4.0.10 include the security patch.

How To Fix It

Updating your themes and plugins will fix this problem. You can update your themes and plugins from within your WordPress dashboard, or you can download the latest versions from the members area and update them manually.

Has Your Account Expired?

We are making these updates available for free to all expired accounts. Even if your account has expired, you can still update your themes or plugins to their latest versions via your WordPress dashboard. Expired accounts will not be restricted from updating.

We Are Here To Help

Security is extremely important to us and we take a number of precautions to help mitigate issues like this. We will continue to work hard to prevent similar mistakes from happening in the future.

If you have any questions or concerns, please know that our virtual doors are always open. If there is anything we can do to help, just let us know.

Best Wishes,
Nick Roach
www.ElegantThemes.com

So it appears even non-lifetime members whose yearly subscription has expired can update free of charge to the latest (current) version. Maybe they will even include lifetime updates in every plan soon and only add Lifetime Support for the Lifetime plan? Stay tuned!

1 Like

sounds a bit desperate. so probably it’s a very serious/big security problem there…

2 Likes

Probably. Lucky for everyone whose license expired and didn’t get hacked though :slight_smile:

1 Like

From the sounds of that statement it was a vulnerability that they or an external auditor found, so may not have been used in the real world yet.

1 Like

Actually it sounds like generosity to me.
I don’t remember the last time I saw a plugin/extensions/theme developer offering the update to solve a security issue. The others usually say “that’s why you need to subscribe, to get support and updates”

3 Likes

yes. that’s exactly what makes me think of it being a very serious issue, where they simply could not afford to have tons of people run into an open knife…

and obviously it’s too much to fix for deploying individual patches per version, so it’s easier to just hand out a free upgrade :wink:

however I agree, that it’s the right way to do it, desperate or not…

1 Like

Serious issue or not, I find it to be a good move. Everyone screws up at some point. Internet/“Neuland” security in Germany for example is probably way worse. Let alone the “Datenpannen” about which they are reporting ever so often. Some 100.000+ people’s data was leaked and they are “trying to do better” next time lol :stuck_out_tongue:
What I’m saying: At least there is a patch. And it’s free.

2 Likes

Hm, I never got this email from them. I hope I don’t have to stay subscribed to their general newsletter to get security related email?
(I unsubscribed pretty quickly from their newsletter, as it was way too much/often, and seemed irrelevant.)

Why would it be an issue for them?
It would not affect their active clients or Divi systems.

I don’t understand how the gravity of the security issue plays any role in it. If anything the more grave the issue, the more motivated people would be to renew their subscriptions.

How do you suppose they contact you in the GDPR world if you unsubscribe from their newsletters? heh :wink:

Because it looks good on them to issue this security fix for free, rather than requiring people to re-subscribe. It’s just simple PR, I imagine.

Obviously. What I’m disagreeing with @Falzo is that somehow Divi had to do it to cover themselves.
They didn’t have to, they chose to. And in my opinion it was the right move, people will appreciate it. I wonder if they will be trying to monitor conversions.

1 Like

Not too sure. I stayed subscribed to their newsletter to stay tuned as to what new 1-click import layouts are published :slight_smile:

I also don’t see a problem with the free update.
If it wasn’t free people would also be complaining. Perhaps even more.