Their development team has worked diligently with the WordFence team over the last couple of weeks to address and rectify a vulnerability that did exist within the plugin before version 3.4.2, making it very important for anyone that uses this plugin to update the plugin to the latest version released on the 28th May 2019. Read their full disclosure of the vulnerability and the plugin’s changelog here.
What Should I Do Next?
If you are using the Convert Plus plugin, please update the plugin immediately to ensure that you are clear of any potential security issues. As of Avada 5.4.1, all bundled premium plugins included with the theme can be updated independently. For detailed information on how to update your plugin, please see our detailed help file and video.
Update the plugin by going to WordPress Dashboard > Avada > Plugins
Should I Update My Theme and All Other Plugins?
Yes, it is only good practice to keep your theme, WordPress install, and all 3rd party plugins updated and maintained at all times. To ensure that your theme installation is up to date with the latest version available, 5.9.1, please update. These are our detailed theme update instructions:
Something else that is important is to also ensure any patches that our team releases between update cycles are applied as part of ongoing maintenance for your install and always clear your cache plugins post update.
Patches are applied at the click of a button as explained in our Avada Patcher doc post.