Avada Theme Version 5.1.5 Patches Stored XSS and CSRF Vulnerabilities

Theme Fusion’s Avada WordPress Theme, the highest-selling theme on Themeforest for the past four years, has fixed stored XSS and CSRF vulnerabilities in its 5.1.5 release. The security issues were discovered by WP Hütte, a WordPress security blog, and the site published details of the vulnerabilities after Theme Fusion patched its theme. Although the patched version has been available …

Data From Theme Reviews Shows Authors Need More Education on Developing Secure WordPress Themes

Last week, we highlighted the progress being made by the Theme Review Team in clearing out a 1K+ review backlog. In an effort to determine common problems with themes discovered by reviewers, Carolina Nymark, a member of the Theme Review Team, reviewed 100 tickets from 531 themes that were closed and marked not approved between December and February. Nymark cautions …