Title: Avada Builder plugin version numbering issue
Last modified: November 27, 2024

---

# Avada Builder plugin version numbering issue

 *  Resolved [Mariette](https://wordpress.org/support/users/mariettej/)
 * (@mariettej)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/avada-builder-plugin-version-numbering-issue/)
 * Hello
 * I have just installed your plugin for the first time and am seeing this warning:
 * **Avada Builder has a known vulnerability that may be affecting this version.****–
   < 7.11.6**
 * The problem is that the latest version of Avada Builder **plugin** is 3.11.11
   and the Avada **theme** is 7.11.11. For info, the Builder plugin is linked to
   the Avada theme and updates at the same time as the theme, but the numbering 
   is different.
 * So I think the vulnerability in the **plugin** was probably fixed in version 
   3.11.6.
 * Can you advise what I should do now?
 * thanks
   Mariette

Viewing 7 replies - 1 through 7 (of 7 total)

 *  Plugin Author [Javier Casares](https://wordpress.org/support/users/javiercasares/)
 * (@javiercasares)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/avada-builder-plugin-version-numbering-issue/#post-18190008)
 * Can you send the CVE or some other information related so I can find exactly 
   the error?
 *  Thread Starter [Mariette](https://wordpress.org/support/users/mariettej/)
 * (@mariettej)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/avada-builder-plugin-version-numbering-issue/#post-18190745)
 * Hi
 * This info is from the WPVulnerability email:
 * Plugin: Avada BuilderFusion Builder [fusion-builder] < 7.11.6
   **Improper Access
   Control**_The product does not restrict or incorrectly restricts access to a 
   resource from an unauthorized actor._Global score: 6.5 / 10Severity: Medium
 * [[+]](https://www.cve.org/CVERecord?id=CVE-2024-1668) CVE-2024-1668
   [[+]](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/fusion-builder/avada-7115-authenticatedcontributor-sensitive-information-exposure-via-form-entries)
   Avada <= 7.11.5 – Authenticated(Contributor+) Sensitive Information Exposure 
   via Form Entries[[+]](https://patchstack.com/database/vulnerability/avada/wordpress-avada-plugin-7-11-5-authenticated-contributor-sensitive-information-exposure-via-form-entries-vulnerability)
   WordPress Avada Theme <= 7.11.5 is vulnerable to Sensitive Data Exposure
 * However, the [+] links above all relate to the **Avada theme** (which is now 
   at version 7.11.11).
 * The **Avada Builder plugin** (which is now at version 3.11.11) was introduced
   in version 5x of Avada. As Avada has now moved to 7x, the builder is on 3x.
 * So, the warning is wrong – it has confused the numbering of the theme with the
   numbering of the plugin and so thinks the plugin is out of date when in fact 
   it is on the latest version.
 * Does that make sense?
 * thanks
 *  Plugin Author [Javier Casares](https://wordpress.org/support/users/javiercasares/)
 * (@javiercasares)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/avada-builder-plugin-version-numbering-issue/#post-18191328)
 * Fixed! It can take some hours to refresh the cache, but it should be fixed then.
 * Thank you for improving the information!
 *  Thread Starter [Mariette](https://wordpress.org/support/users/mariettej/)
 * (@mariettej)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/avada-builder-plugin-version-numbering-issue/#post-18191936)
 * Thank you Javier, I appreciate you looking into it.
 * One thing, it may be a cache thing, but I am still seeing 2 of the above 3 notices
   on the plugin page, both relating to the theme, not the plugin:
 * **Avada Builder has a known vulnerability that may be affecting this version.****–
   < 7.11.6**
 * [[+]](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/fusion-builder/avada-7115-authenticatedcontributor-sensitive-information-exposure-via-form-entries)
   Avada <= 7.11.5 – Authenticated(Contributor+) Sensitive Information Exposure 
   via Form Entries
   [[+]](https://patchstack.com/database/wordpress/theme/avada/vulnerability/wordpress-avada-plugin-7-11-5-authenticated-contributor-sensitive-information-exposure-via-form-entries-vulnerability)
   WordPress Avada Theme <= 7.11.5 is vulnerable to Sensitive Data Exposure
 * Is this likely to clear soon do you think?
 * best wishes, Mariette
 *  Thread Starter [Mariette](https://wordpress.org/support/users/mariettej/)
 * (@mariettej)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/avada-builder-plugin-version-numbering-issue/#post-18203909)
 * Hello Javier
 * Just to say that the above warning message is still visible so I don’t think 
   it is just a cache thing. It seems that the wrong info (confusing the plugin 
   with the theme version numbers) is still present at these 2 links:
 * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/fusion-builder/avada-7115-authenticatedcontributor-sensitive-information-exposure-via-form-entries](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/fusion-builder/avada-7115-authenticatedcontributor-sensitive-information-exposure-via-form-entries)
 * [https://patchstack.com/database/wordpress/theme/avada/vulnerability/wordpress-avada-plugin-7-11-5-authenticated-contributor-sensitive-information-exposure-via-form-entries-vulnerability](https://patchstack.com/database/wordpress/theme/avada/vulnerability/wordpress-avada-plugin-7-11-5-authenticated-contributor-sensitive-information-exposure-via-form-entries-vulnerability)
 * Is there anytghing that can be done about this as I am reluctant to install this
   plugin on my clients’ sites until this message has gone away…
 * many thanks
 * Mariette
 *  Plugin Author [Javier Casares](https://wordpress.org/support/users/javiercasares/)
 * (@javiercasares)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/avada-builder-plugin-version-numbering-issue/#post-18204037)
 * Fixed. Will be updated in around 1 hour.
 *  Thread Starter [Mariette](https://wordpress.org/support/users/mariettej/)
 * (@mariettej)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/avada-builder-plugin-version-numbering-issue/#post-18205955)
 * Fantastic! All good now 🙂
 * Thank you so much Javier

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Avada Builder plugin version numbering issue’ is closed to new replies.

 * ![](https://ps.w.org/wpvulnerability/assets/icon.svg?rev=3387690)
 * [WPVulnerability](https://wordpress.org/plugins/wpvulnerability/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wpvulnerability/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wpvulnerability/)
 * [Active Topics](https://wordpress.org/support/plugin/wpvulnerability/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wpvulnerability/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wpvulnerability/reviews/)

 * 10 replies
 * 2 participants
 * Last reply from: [Mariette](https://wordpress.org/support/users/mariettej/)
 * Last activity: [1 year, 6 months ago](https://wordpress.org/support/topic/avada-builder-plugin-version-numbering-issue/#post-18205955)
 * Status: resolved