Avada | Responsive Multi-Purpose Theme – Version – 7.11.7

Version 7.11.7 – March 19th, 2024
—————————————————————————————–
– SECURITY: Fixed Contributor+-level-only XSS vulnerability, allowing site Contributors to add custom script code certain element link options
– SECURITY: Fixed Contributor+-level-only SSRF vulnerability, allowing Contributors to set Avada Form submission type to unsafe web requests
– SECURITY: Fixed Admin+-level-only SQL injection vulnerability, where SQL code could be injected into an Avada Forms submissions entry removal request
– SECURITY: Fixed possibility of Avada Forms upload folder being directly accessible
– NEW: Added the option to bulk delete Avada Forms submission entries