Yesterday evening we received an email from the WordPress.org plugins team, reporting that an XSS vulnerability in Events Manager has been reported to them.
Consequently they have temporarily taken down Events Manager whilst we fixed the problem, to prevent further people downloading vulnerable code. These vulnerabilities are minor/moderate and only applies to the main/free plugin Events Manager, not the Pro add-on.
We have already fixed these issues and updated the plugin on WordPress.org, pending their review for our plugin page to go back up.
In the meantime, we’ve also put up the latest update here, so that you can still download and use the plugin software and update to the latest version.
We apologize for any inconvenience caused. These vulnerabilities are unrelated to and are nowhere near as serious as the most recent update, but as with any vulnerability, minor or not, we recommend you keep any WordPress plugin updated to the latest versions.
8 thoughts on “5.5.7 – Important XSS Security Update”
Debbie
NOW I see it .. so odd.
BTW, no need to publish my comments since the problem is fixed.
marcus
Akismet flagged your other one. Will leave unpublished as per your request.
Alexander Prinz
Since we have a modified version of the plugin we cannot overwrite the current plugin with the new / updated one without losing the changes.
Can you please provide us with a patch for this security update?
best regards,
Alex
marcus
See here for the changes that were made for the security update – https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1166692%40events-manager&old=1149365%40events-manager&sfp_email=&sfph_mail=
Anna
Hi,
Could you please clarify on how Pro Version works? Are payments for bookings via Paypal made automatically to the event owners? Or admin?
marcus
Out the box, each site has one place for paypal/gateway owners and all payments go there. We have some workarounds in the form of snippets/add-ons (no extra charge), for more info on that or any other Pro-questions please get in touch here – http://wp-events-plugin.com/contact-us/
Ronny
I cant modified the options on the forms
When I click on it nothing happens
please help me
marcus
Hi Ronny, please visit either our Free or Pro support forums and we’ll be happy to help you there.
Comments are closed.