We just received a notification:
We are getting in touch to let you know about a stored XSS and a CSRF vulnerability in the Avada WordPress Theme versions prior to 5.1.5 (releases prior to April 4th, 2017).
This is a security release for all previous versions and we strongly encourage you to update immediately.
We have worked with ThemeFusion, the creators of Avada, to address this vulnerability, which is fixed in the current version and now available for update.
What You Should Do
In order to secure your website, we highly recommend updating to the latest available version as soon as possible.
We also recommend making a backup of your site before updating or changing files as a standard precaution.
- To manually update your theme, download the latest version of the theme from the Envato Market account with which the item was purchased and reinstall it on your site.
- Alternatively, to update your theme with the Envato Market API, install and activate the Envato Market WordPress plugin. Once activated, click the ‘Envato Market’ menu from your WordPress Dashboard and connect to the API to receive an update notification from within your dashboard.
To confirm that you’ve updated successfully, navigate in your WordPress dashboard to Appearance > Themes, select the Avada theme and make sure that the version number says 5.1.5 or higher.
If you require additional support or assistance updating your item, please contact the author.
If you have used this theme in projects for clients, please help them to secure their sites as well.
Your Security is Our Priority
We take security seriously at Envato. When we receive security vulnerability reports for items sold on our marketplaces, we work as quickly as possible to validate the report, investigate risk and determine the best course of action for the security of our community.
On behalf of the theme creator and Envato, we apologise for this inconvenience and assure you that your security always is, and will be, our priority.
The Envato Team
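
The version check described in the notification can also be run on disk, which helps when several client sites need confirming. This is an added example, not part of the notification and not code from Envato or ThemeFusion; it assumes the theme sits in its default `wp-content/themes/Avada` directory and reads the `Version:` header that WordPress themes declare in `style.css`. The function names are hypothetical.

```python
import re
import sys
from pathlib import Path

FIXED = (5, 1, 5)  # first fixed release, per the notification
# Assumption: Avada is installed under its default directory name.
THEME_STYLE = Path("wp-content/themes/Avada/style.css")


def parse_version(text):
    """Return the theme version from a style.css header as an int tuple, or None."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*([0-9]+(?:\.[0-9]+)*)",
                  text, re.M | re.I)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(version, fixed=FIXED):
    """Compare numerically, zero-padded, so 5.1.10 and 5.2 both count as >= 5.1.5."""
    if version is None:
        return False
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(fixed)


def check_site(wp_root):
    """Classify one WordPress root directory by its installed Avada version."""
    style = Path(wp_root) / THEME_STYLE
    if not style.is_file():
        return "not-installed"
    # The header block is at the top of the file; the first 8 KB is enough.
    head = style.read_text(encoding="utf-8", errors="replace")[:8192]
    version = parse_version(head)
    if version is None:
        return "unknown-version"
    status = "patched" if is_patched(version) else "VULNERABLE"
    return f"{status} ({'.'.join(map(str, version))})"


if __name__ == "__main__":
    # Usage: python check_avada.py /var/www/site1 /var/www/site2 ...
    for root in sys.argv[1:]:
        print(f"{root}: {check_site(root)}")
```

A string comparison would rank 5.1.10 below 5.1.5, which is why the versions are compared as integer tuples.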