A few days after the most recent updates, we came across a couple of issues on both the Main/Free plugin and Pro add-on that required a quick fix and release of stable versions.

The most important fix is within Events Manager 5.3.9 which consists of closing a potential XSS vulnerability in the event search forms. Therefore, if you are using template files, we strongly suggest you take a look at the html change in the search box itself and move those over to your modifications.

The Pro version update is for a bug that cropped up in one of the recent updates due to the introduction of our Multiple Bookings beta feature, concerning the Form Editor and being able to switch between custom-created forms.

5.3.9 Changelog

• fixed XSS vulnerability in search form field
• fixed php warnings in events-list.php
• ‘mail sent’ messages not shown if no mails actually sent without errors, changed wording of ‘mail’ to ’email’
• updated French and German languages
• added links to category page on #_EVENTCATEGORYIMAGES images
• reordered search form template variable definitions for future splitting up of fields into individual reusable templates
• changed htmlspecialchars to esc_attr, added esc_attr to various input fields
• improved sanitization of front-end form title submission to prevent entity conversion in db records
• fixed missing EM js variables on public edit/submit events page

Pro 2.3.4 Changelog

• fixed bug when trying to switch booking forms in form editor
• fixed localization typo
• added sanitation to various input textboxes in admin area