For the release of Avada 5.8.2 we have fixed a XXS security issue pertaining to Avada versions 5.8.1 and below. The fix is for the bootstrap JS libraries that are used in Avada and is disclosed in our Changelog and also disclosed in our Important Update Info doc.
We recommend to keep your theme up to date and maintained at all times. It’s best to use auto updates and to also keep an eye on the Fusion Patcher tool as we typically issue fixes and improvements within a short space of time without the need for a full theme update.
Like WordPress and any entity that develops software, we understand that security is not an absolute, it’s a continuous process and should be managed as such. We do our best to be as proactive as possible in preventing security issues and we do not assume they’ll never come up. Our job is to quickly take care of them and work to get our customers notified and prepared.
The description of the security issue identified and fixed is listed below:
- FIXED: Security fix to prevent possible XSS attacks in bootstrap JS libraries
We checked and verified the bootstrap vulnerability as soon as it was discovered. Once confirmed, our team took immediate steps to apply the fix to Avada 5.8.2, which has been released. Confirmation of the changelog release that lists out the security fix, can be found here: Avada Changelog
What Should I Do Next?
We cannot stress enough the importance in making sure that your install is updated and maintained at all times. To ensure that your theme installation is issue free and the fix detailed above is applied, please update. These are our detailed update instructions:
Something else that is important is to also ensure any patches that our team releases between update cycles are applied as part of ongoing maintenance for your install and always clear your cache plugins post update.
Patches are applied at the click of a button as explained in our Avada Patcher doc post.