5.5.7 – Important XSS Security Update

Yesterday evening we received an email from the WordPress.org plugins team, reporting that an XSS vulnerability in Events Manager has been reported to them.

Consequently they have temporarily taken down Events Manager whilst we fixed the problem, to prevent further people downloading vulnerable code. These vulnerabilities are minor/moderate and only applies to the main/free plugin Events Manager, not the Pro add-on.

We have already fixed these issues and updated the plugin on WordPress.org, pending their review for our plugin page to go back up.

In the meantime, we’ve also put up the latest update here, so that you can still download and use the plugin software and update to the latest version.

We apologize for any inconvenience caused. These vulnerabilities are unrelated to and are nowhere near as serious as the most recent update, but as with any vulnerability, minor or not, we recommend you keep any WordPress plugin updated to the latest versions.

8 thoughts on “5.5.7 – Important XSS Security Update

Alexander Prinz

Since we have a modified version of the plugin we cannot overwrite the current plugin with the new / updated one without losing the changes.

Can you please provide us with a patch for this security update?

best regards,
Alex

Anna

Hi,

Could you please clarify on how Pro Version works? Are payments for bookings via Paypal made automatically to the event owners? Or admin?

Comments are closed.