+44 0330 223 3428
Call Us
+44 0330 223 3428

WPTavern: Avada Theme Version 5.1.5 Patches Stored XSS and CSRF Vulnerabilities

WPTavern: Avada Theme Version 5.1.5 Patches Stored XSS and CSRF Vulnerabilities

Theme Fusion’s Avada WordPress Theme, the highest selling theme on Themeforest for the past four years, has fixed stored XSS and CSRF vulnerabilities in its 5.1.5 release. The security issues were discovered by WP Hütte, a WordPress security blog, and the site published details of the vunlnerabilities after Theme Fusion patched its theme.

Although the patched version has been available since early April, a notification was only recently sent out to Avada customers from Envato via email, urging them to update. Avada announced the release of 5.1.5 but did not publish anything publicly on the security issues that it fixes. Customers started learning about the vulnerabilities from the WPScan Vulnerability Database, WP Hütte, and posts on Twitter.

Theme Fusion left the security issues buried in the changelog until today when customers began receiving email notices about it. A fix was available for more than a month while customers who were unaware and had not updated were left vulnerable. Envato’s email encourages all users to update, as the release is for all previous versions of Avada.

If you have purchased Avada for clients or for yourself, you can update to the latest version by downloading it from your Envato Market account and reinstalling it. Customers with the Envato Market WordPress plugin installed can access automatic updates within the WordPress admin.



Source: WordPress

Related Post
Matt: On React and WordPress

Matt: On React and WordPress Big companies like to bury unpleasant news on Fridays: A few weeks ago, Facebook announced they have decided to dig in on their patent clause addition to the React license, even after Apache had said it’s no longer allowed for Apache.org projects. In their words, removing the patent clause would […]

Read more
WPTavern: First WordCamp Dublin Set for October 14-15

WPTavern: First WordCamp Dublin Set for October 14-15 photo credit: Ireland.com Following up on the success of WordCamp Belfast last October, the WordPress community in Dublin will be hosting its first WordCamp October 14-15. Both camps began the early stages of planning last year and the two communities have shared some of the same organizers […]

Read more
WPTavern: GitHub Partners with Facebook to Release Atom-IDE

WPTavern: GitHub Partners with Facebook to Release Atom-IDE GitHub announced the launch of Atom-IDE this week, a new set of packages that extend its open source JavaScript-powered code editor to include IDE-like functionality. This first release includes packages that support TypeScript, Flow, JavaScript, Java, C#, and PHP. “The start of this journey includes smarter context-aware […]

Read more

Leave a Reply

Your email address will not be published.