The Avada team has released a security update for Avada, and all users should update as soon as possible. Additionally, 18 other updates and fixes were included.
- SECURITY: Fixed file upload bypass leading to remote code execution (RCE) vulnerability in Page Options import function (only valid for authenticated users of rol contributor or higher)
- PERFORMANCE: Removed conditionally loaded WooCommerce block styles from the combined 3rd party styles
- IMPROVEMENT: Added option to Post Card element to exclude out-of-stock items from related products query
- IMPROVEMENT: Added new actions and filters for better customizability
- UPDATED: Twitter name to X
- FIXED: WooCommerce notices not being displayed on all installs when Ajax add to cart is used on single products
- FIXED: Woo Tabs element title options are not working for all tab titles, and the review meta text color is incorrect
- FIXED: Non-scrolling Column motion effects not animating
- FIXED: Off Canvas special menu element not working
- FIXED: Off Canvas is not always closing correctly on mobiles (part 2)
- FIXED: Not all Testimonial elements auto-playing when multiple elements are on the same page
- FIXED: Carousels not correctly initialized inside of a Modal element
- FIXED: Portfolio element carousel layout displaying incorrect number of elements
- FIXED: Font-size sanitation issue in responsive type calculations when global typography was deleted but still used in an element
- FIXED: PHP notice in WooCommerce edit order screens and other post types that don’t have a global $post variable
- FIXED: Bulk upload options are not displaying in the back-end editor
- FIXED: Container background slider in Live Editor causes child elements to disappear when the edit icons are hovered on some installs
- FIXED: Invalid column spacing sanitization in Live Editor
- FIXED: Custom icons are not displaying in Live Editor when changing them for the add to cart button in the Post Card Cart element
Originally published on Feb. 2, 2024