XSS and CSRF security issues within AVADA Theme
Avada | Responsive Multi-Purpose Theme is the best-selling theme ever on ThemeForest, with over 320k customers so far. That being said, imagine the huge number of WordPress sites running on this theme.
Because it is so widely used, the Avada code is routinely checked by hackers looking for vulnerabilities. Recently, 2 high-impact security issues were reported. Remember, there are automated bots that search for sites using such a theme in a particular version known to be insecure.
The WordPress Hide plugin can easily block such spiders from identifying the theme in use: simply activate the Rewrite – Theme option. So even if the theme contains a known vulnerability, it will not be a target, since the attacker will not be aware of it.
For a technical description of the vulnerability, see Avada 5.1.4 stored XSS and CSRF.
The security issues have since been fixed in Avada theme version 5.1.5.
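To check your own site for the exposure described above, the following added example (not part of the original post or of the WP Hide plugin) audits page markup for asset URLs that disclose the theme directory and a version below 5.1.5. The sample HTML, the `example.test` host, the asset paths and the rewritten path `template` are constructed, and it assumes the `?ver=` query string on a theme asset carries the theme version.

```python
import re

FIXED = (5, 1, 5)  # first fixed Avada release, per the post

# Constructed sample markup (not captured from a real site).
SAMPLE_DEFAULT = """
<link rel='stylesheet' href='https://example.test/wp-content/themes/Avada/assets/css/style.min.css?ver=5.1.4' />
<script src='https://example.test/wp-content/themes/Avada/assets/js/main.js?ver=5.1.4'></script>
<script src='https://example.test/wp-includes/js/jquery/jquery.js?ver=1.12.4'></script>
"""
# Same page after a theme-path rewrite; "template" is a hypothetical rewritten path.
SAMPLE_REWRITTEN = """
<link rel='stylesheet' href='https://example.test/template/assets/css/style.min.css?ver=5.1.4' />
<script src='https://example.test/wp-includes/js/jquery/jquery.js?ver=1.12.4'></script>
"""

URL_ATTR = re.compile(r"""(?:href|src)=['"]([^'"]+)['"]""")
THEME_PATH = re.compile(r"/wp-content/themes/([^/?#]+)/")
VERSION = re.compile(r"[?&]ver=(\d+(?:\.\d+)*)")


def audit(html, fixed=FIXED):
    """Return one finding per asset URL that discloses the theme directory."""
    findings = []
    for url in URL_ATTR.findall(html):
        theme = THEME_PATH.search(url)
        if not theme:
            continue  # URL does not reveal a theme directory
        ver = VERSION.search(url)
        parts = tuple(int(p) for p in ver.group(1).split(".")) if ver else None
        findings.append({
            "theme": theme.group(1),
            "version": ver.group(1) if ver else None,
            # Assumption: ?ver= on a theme asset carries the theme version.
            "below_fixed": parts is not None and parts < fixed,
            "url": url,
        })
    return findings


if __name__ == "__main__":
    for name, html in (("default", SAMPLE_DEFAULT), ("rewritten", SAMPLE_REWRITTEN)):
        hits = audit(html)
        print(name, "->", len(hits), "disclosing URL(s)")
        for h in hits:
            print("  ", h["theme"], h["version"], "below 5.1.5:", h["below_fixed"])
```

An empty result only means the markup no longer names the theme directory; the vulnerable code is removed by updating to 5.1.5, not by the rewrite.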