Today Divi, Extra and the Divi Builder plugin were updated to fix a security vulnerability. Updating these themes and plugins to their latest versions will fix the problem and keep your website secure.
The Problem
A code injection vulnerability was discovered by our team during a routine code audit that could allow logged-in contributors, authors and editors to execute a small set of PHP functions.
Are You Affected?
Every website with potentially untrustworthy contributor, author and editor users using Divi version 3.23 and above, Extra 2.23 and above or Divi Builder version 2.23 and above is affected and should update to the latest product versions. Product versions 4.0.10 include the security patch.
How To Fix It
Updating your themes and plugins will fix this problem. You can update your themes and plugins from within your WordPress dashboard, or you can download the latest versions from the members area and update them manually.
Has Your Account Expired?
We are making these updates available for free to all expired accounts. Even if your account has expired, you can still update your themes or plugins to their latest versions via your WordPress dashboard. Expired accounts will not be restricted from updating.
We Are Here To Help
Security is extremely important to us and we take a number of precautions to help mitigate issues like this. We will continue to work hard to prevent similar mistakes from happening in the future.
If you have any questions or concerns, please know that our virtual doors are always open. If there is anything we can do to help, just let us know.
So it appears even non-lifetime members whose yearly subscription has expired can update free of charge to the latest (current) version. Maybe they will even include lifetime updates in every plan soon and only add Lifetime Support for the Lifetime plan? Stay tuned!
Actually it sounds like generosity to me.
I don’t remember the last time I saw a plugin/extensions/theme developer offering the update to solve a security issue. The others usually say “that’s why you need to subscribe, to get support and updates”
yes. that’s exactly what makes me think of it being a very serious issue, where they simply could not afford to have tons of people run into an open knife…
and obviously it’s too much to fix for deploying individual patches per version, so it’s easier to just hand out a free upgrade
however I agree, that it’s the right way to do it, desperate or not…
Serious issue or not, I find it to be a good move. Everyone screws up at some point. Internet/“Neuland” security in Germany for example is probably way worse. Let alone the “Datenpannen” about which they are reporting every so often. Some 100.000+ people’s data was leaked and they are “trying to do better” next time lol
What I’m saying: At least there is a patch. And it’s free.
Hm, I never got this email from them. I hope I don’t have to stay subscribed to their general newsletter to get security related email?
(I unsubscribed pretty quickly from their newsletter, as it was way too much/often, and seemed irrelevant.)
Why would it be an issue for them?
It would not affect their active clients or Divi systems.
I don’t understand how the gravity of the security issue plays any role in it. If anything the more grave the issue, the more motivated people would be to renew their subscriptions.
Obviously. What I’m disagreeing with @Falzo is that somehow Divi had to do it to cover themselves.
They didn’t have to, they chose to. And in my opinion it was the right move, people will appreciate it. I wonder if they will be trying to monitor conversions.