The Brainstorm Force team, developers of the popular Convert Plus plugin which is bundled with Avada, has released a security update for their plugin bringing the latest version up to 3.4.3 3.4.4.
Their development team has worked diligently with the WordFence team over the last couple of weeks to address and rectify a vulnerability that did exist within the plugin before version 3.4.2, making it very important for anyone that uses this plugin to update the plugin to the latest version released on the 28th May 2019. Read their full disclosure of the vulnerability and the plugin’s changelog here.
What Should I Do Next?
If you are using the Convert Plus plugin, please update the plugin immediately to ensure that you are clear of any potential security issues. As of Avada 5.4.1, all bundled premium plugins included with the theme can be updated independently. For detailed information on how to update your plugin, please see our detailed help file and video.
Update the plugin by going to WordPress Dashboard > Avada > Plugins
Should I Update My Theme and All Other Plugins?
Yes, it is only good practice to keep your theme, WordPress install, and all 3rd party plugins updated and maintained at all times. To ensure that your theme installation is up to date with the latest version available, 5.9.1, please update. These are our detailed theme update instructions:
Something else that is important is to also ensure any patches that our team releases between update cycles are applied as part of ongoing maintenance for your install and always clear your cache plugins post update.
Patches are applied at the click of a button as explained in our Avada Patcher doc post.
I have Avada 5.9.1 but I can’t see the request to update Convert Plus to 3.4.3. I have 3.4.2.
I see plugin need update, but if I try to update from WordPress plugin directory I have error because request me to activate plugin.
Why?
Hello!
It can take up to 24hrs until you will see the update note. Reason is an update transient per site that lasts for 24hrs. So, you should be now be able to see the update.
From the WP plugins screen it does not work, because for that kind of update, the plugin requires an activation code. That is out of our hands and something the plugin author requires. For the update from the Avada plugin’s screen does not require that, but can take up to 24hrs to show, as said above.
Thanks!