Important Security Update
Posted on April 2, 2015
We’ve been investigating a serious security vulnerability over the past few days, which we’ve found to be present in Events Manager from version 4.0 onwards.
We’ve released 5.5.6 which fixes this issue, as well as fixing this vulnerability in ALL affected versions on the wordpress.org repository to prevent anyone downloading an older vulnerable version in the future. Whilst the vulnerability is not present in the Pro add-on, since it is an add-on, EVERYONE must update the free/main version as soon as possible.
Whilst we always recommend people to update to the latest version of Events Manager (now 5.5.6), we understand that in certain situations this isn’t possible, and therefore you can also download and re-install whatever version you’re running from the EM WordPress plugin page.
Additionally, if you are in the situation where you or someone else modified our plugin on your site, and therefore cannot upgrade without losing any changes, please send a blank email to email@example.com and we’ll reply with some instructions on what file to edit and fix the problem.
Security is our top priority, and whilst we do already run regular security scans on our plugin, we’re working on further measures to prevent further vulnerabilities going undetected. We sincerely apologize for the inconvenience caused and appreciate your understanding.
– Marcus Sykes
P.S. We’ve got a great update on the way, but due to the nature of this issue we’ve had to backtrack and release this patch immediately whilst we test and polish off the upcoming release.