5.5.7 – Important XSS Security Update

Posted on May 23, 2015

Yesterday evening we received an email from the WordPress.org plugins team, reporting that an XSS vulnerability in Events Manager has been reported to them.

Consequently they have temporarily taken down Events Manager whilst we fixed the problem, to prevent further people downloading vulnerable code. These vulnerabilities are minor/moderate and only applies to the main/free plugin Events Manager, not the Pro add-on.

We have already fixed these issues and updated the plugin on WordPress.org, pending their review for our plugin page to go back up.

In the meantime, we’ve also put up the latest update here, so that you can still download and use the plugin software and update to the latest version.

We apologize for any inconvenience caused. These vulnerabilities are unrelated to and are nowhere near as serious as the most recent update, but as with any vulnerability, minor or not, we recommend you keep any WordPress plugin updated to the latest versions.


  1. Debbie says:

    NOW I see it .. so odd.

    BTW, no need to publish my comments since the problem is fixed.

  2. Since we have a modified version of the plugin we cannot overwrite the current plugin with the new / updated one without losing the changes.

    Can you please provide us with a patch for this security update?

    best regards,

  3. Anna says:


    Could you please clarify on how Pro Version works? Are payments for bookings via Paypal made automatically to the event owners? Or admin?

  4. Ronny says:

    I cant modified the options on the forms
    When I click on it nothing happens
    please help me