[The following message was sent out to customers of Elegant Themes on 11 Mar 2019]
Today some of our products were updated to patch a security issue. This issue was patched after being privately disclosed to our team by an independent security researcher. Updating your themes and plugins to their latest versions will apply the patch, keeping your website secure.
Some cross-site request forgery checks within our core product framework could be potentially bypassed. In all cases, these checks were also hardened by user permission checks, however, user permissions checks alone are not sufficient to protect against all CSRF vectors.
Are You Affected?
This problem affects all customers using Divi, Extra, Bloom, Monarch or the Divi Builder plugin. If you are receiving this email, it is important that you update your themes and plugins to their latest versions.
How To Fix It
Updating your themes and plugins will fix this problem. You can update your themes or plugins from within your WordPress dashboard, or you can download the latest versions from the members area and update them manually.
What If You Can’t Update Right Now?
If you are unable to update your themes/plugins right away, you can use our security patcher plugin to patch the vulnerability without updating your products. This is a free download for all customers. Installing this plugin will fix the problem, and you can continue to use the security patcher plugin until you are able to update your products to their latest versions.
Has Your Account Expired?
We are making these updates available for free to all expired accounts. Even if your account has expired, you can still update your themes or plugins to their latest versions via your WordPress dashboard. Expired accounts will not be restricted from updating.
We Are Here To Help
Security is extremely important to us and we take a number of precautions to help mitigate issues like this. We will continue to work hard to prevent similar mistakes from happening in the future.
If you have any questions or concerns, please know that our virtual doors are always open. If there is anything we can do to help, just let us know.