Today we updated the Divi Theme following Elegant Themes security patch. The vulnerability could allow low level users to use unfiltered HTML.
OPTe Network sites were not at risk due to the Restricted Code Policy, however we went ahead and updated it before our scheduled day (Sunday).
Elegant Themes Notice:
A privilege escalation vulnerability was discovered that could allow low level users, such as Authors, to use unfiltered HTML inside of post content when using the Divi Builder. Using such code in posts is typically reserved for admins.
version 3.17.3 ( updated 10-30-2018 )
– Important Security Update. Following an internal code audit, various security improvements were made and several minor security vulnerabilities were patched. For more information, please refer to the disclosure here: https://us7.campaign-archive.com/?u=9ae7aa91c578052b052b864d6&id=a9763c15f2
– Fixed Right-click controls missing in empty fullwidth sections.
– Added missing extend options to border styles and background tabs.
– Fixed languages using quote characters different from the ones in English causing Dynamic Content to not render properly in the front-end.