Important Note: This article covers FIXING THE SECURITY VULNERABILITY found in the JEDI Apprentice plugin used for our one-click install process for 5 Star Hotel child theme.


This issue affects all versions of 5 Star Hotel v3.0 and earlier. When the vulnerability is patched, we will release an updated child theme zip package you can download from your account at Divi Cake and Elegant Marketplace.


No known websites have been compromised with this security vulnerability, however it's best practice to remove the JEDI Apprentice files immediately after importing the child theme demo content. Doing so will resolve the vulnerability.


Also where possible, please follow this process for any websites you have previously installed the 5 Star Hotel child theme (and not already removed the child theme installer files). Our "5 Star Services" plugin is not affected by this issue.


We apologize for the inconvenience and will update you here (this article) when 5 Star Hotel v3.1 is available for download with its included security patch.


Sincerely,

MAGI Web Design Staff




It's best practice to remove the child theme installer files pictured above, especially if you install 5 Star Hotel on behalf of a client.


The process is relatively straight-forward, but you'll need access to the server back-end with an FTP client or cPanel.


Here are the steps:


1. Delete the following highlighted line from your child theme's functions.php file:



2. Next, delete the jedi-apprentice folder from within /wp-content/themes/five-star-hotel-child-theme/



Note: The child theme folder may have a slightly different name than above, for instance includes a version number. Example: "5-star-hotel-child-theme-v1.2"


The Child Theme Installer Files should now be removed.