This article was created at the time of the Avada WordPress Vulnerabiltity, in April 2017.
Following the recent announcement of the Layer Slider plugin vulnerability, the same issues have just been found in the Avada WordPress theme from Envato.
The Avada theme is one of the most popular and most-downloaded themes for WordPress; if you have and use this theme, please read on.
If you do not use the Avada WordPress theme, you need not be concerned.
If you have used this theme for client projects, please inform them and help secure their site.
A stored XSS and CSRF vulnerability in the Avada WordPress theme in versions prior to 5.1.5 (released prior to April 4th, 2017) can leave your site at risk of hijacking.
The current version of Avada, which is now available for download, has reportedly addressed and fixed the issue.
In case something does go wrong with your Avada theme, you can always restore an older backup – up to 28 days – with WPX Hosting by contacting our Support Team on Live Chat!
After making a backup, please update your Avada WordPress theme as soon as possible to protect yourself from risk.
You can download the latest version directly from the Envato Market (aka Themeforest.net) or through the Envato Market WordPress Plugin, once it has been installed.
After you have updated your Avada theme, please navigate to Appearance → Themes in your WordPress Dashboard and check for Avada version 5.1.5 or higher. This will confirm the update and you can then rest easy.
If you have any concerns or questions about your Avada WordPress theme, don't hesitate to raise a support ticket with us here:
and we'll answer asap!