This article was created at the time of the Avada WordPress vulnerability, in April 2017.
Following the recent announcement of the Layer Slider plugin vulnerability, the same issues have just been found in the Avada WordPress theme from Envato.
The Avada theme is one of the most popular and most-downloaded themes for WordPress; if you have and use this theme, please read on.
If you do not use the Avada WordPress theme, you need not be concerned.
If you have used this theme for client projects, please inform them and help secure their site.
Where’s the fire?
A stored cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerability in the Avada WordPress theme in versions prior to 5.1.5 (released prior to April 4th, 2017) can leave your site at risk of hijacking.
The current version of Avada, which is now available for download, has reportedly addressed and fixed the issue.
In case something does go wrong with your Avada theme, you can always restore an older backup – up to 28 days – with WPX Hosting by contacting our Support Team on Live Chat!
How can I fix this problem?
After making a backup, please update your Avada WordPress theme as soon as possible to protect yourself from risk.
You can download the latest version directly from the Envato Market (aka Themeforest.net) or through the Envato Market WordPress Plugin, once it has been installed.
After you have updated your Avada theme, please navigate to Appearance → Themes in your WordPress Dashboard and check for Avada version 5.1.5 or higher. This will confirm the update and you can then rest easy.
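If you look after several client sites, the same version check can be run against the files on disk instead of opening each Dashboard. The script below is an added example, not part of the original article or of Avada: it reads the `Version:` header from the theme's `style.css` and compares it with 5.1.5. The `wp-content/themes/Avada` folder name and the sample sites are assumptions, constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (5, 1, 5)                                  # first fixed release, per the article
STYLE = Path("wp-content/themes/Avada/style.css")  # assumption: default theme folder name

def theme_version(wp_root):
    """Return the Version header from the theme's style.css, or None if absent."""
    css = Path(wp_root) / STYLE
    if not css.is_file():
        return None
    # WordPress itself only reads the first 8 KB of a file for its headers.
    head = css.read_bytes()[:8192].decode("utf-8", "replace")
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", head, re.I | re.M)
    return m.group(1) if m else ""

def classify(version):
    """Map a version string to 'not installed', 'unknown', 'vulnerable' or 'patched'."""
    if version is None:
        return "not installed"
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return "unknown"  # header missing or not numeric: check by hand
    parts = tuple(int(p) for p in m.group(0).split("."))
    return "patched" if parts >= FIXED else "vulnerable"

def audit(wp_roots):
    """Check each WordPress root and return {site folder: (version, status)}."""
    return {Path(r).name: (theme_version(r), classify(theme_version(r))) for r in wp_roots}

def demo():
    """Build constructed sample sites in a temp dir and audit them."""
    samples = {"client-a": "5.1.4", "client-b": "5.1.5", "client-c": "5.2", "client-d": None}
    with tempfile.TemporaryDirectory() as tmp:
        roots = []
        for name, ver in samples.items():
            root = Path(tmp) / name
            root.mkdir()
            if ver is not None:  # client-d has no Avada theme at all
                css = root / STYLE
                css.parent.mkdir(parents=True)
                css.write_text(f"/*\nTheme Name: Avada\nVersion: {ver}\n*/\n")
            roots.append(root)
        return audit(roots)

if __name__ == "__main__":
    for site, (ver, status) in demo().items():
        print(f"{site:10} {ver or '-':8} {status}")
```

To use it on real sites, pass your own list of WordPress root directories to `audit()` in place of the constructed samples.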
If you get stuck with anything discussed here, please contact WPX Support via live chat (use the bottom right-hand widget!) and they will usually respond and help in 30 seconds or less.