Cross-Site Request Forgery (CSRF) vulnerability Leading to Arbitrary Plugin Installation/Activation discovered by Dave Jong (Patchstack) in WordPress Avada theme (versions <= 7.8.1).
Update the WordPress Avada theme to the latest available version (at least 7.8.2).