Events Manager 5.12 & Pro 2.7

Posted on October 5, 2021

We’ve released two maintenance updates, including a security fix for a vulnerability found in Events Manager 5.12. We advise that you upgrade as soon as possible to mitigate an XSS vulnerability.

We’d like to thank the WordPress Plugin team for doing a fabulous job with keeping the plugin repository safe and secure, and in this case liaising with us to identify the vulnerability and getting it fixed in a timely manner. We’ll be following up with another post in a few weeks with some extra precautionary advice, however, rest assured that Events Manager 5.12 has been updated to mitigate the reported vulnerability.

Events Manager 5.12 Changelog

  • changed EM_Booking::$disable_restricions so that all ticket restrictions can ignored for admin manual bookings (pro feature) including spaces, roles and dates
  • added taxonomy filters for Meta Tag Manager compatibility on overriden taxonomy pages
  • added filters to Event_Locations\Event_Location and Event_Locations\URL
  • added filters to EM_Events::output_grouped()
  • fixed #_EVENTDATES_LOCAL and #_24HHTIMES_LOCAL showing time/date range even if time/dates are the same
  • fixed XSS security vulnerability reported by/via WP Plugins team

Events Manager Pro 2.7 Changelog

  • fixed issue where manual bookings without any active gateways still marks bookings as pending payment,
  • added option to auto-confirm manual bookings if offline gatweay is inactive
  • fixed ‘non longer available’ error for manual booking tickets
  • fixed transaction log dates showing UTC time instead of local blog time
  • fixed forms editor minor meta box styling issues,
  • added emp_form_get_formatted_value filter
  • added em_logs_log_directory and em_logs_log_name filters to EMP_Logs to allow overriding of locations
  • fixed username fields not showing in manual booking form
  • fixed transactions table showing UTC date/time instead of local timezone
  • fixed issue with ML cross-language bookings not being removable in multiple bookigns mode
  • fixed tooltips not accepting HTML
  • fixed wrong attendee form data output on checkout if multiple events in cart have different attendee forms
  • added checkbox to disable ticket restrictions in manual bookings, allowing for overbooking ticket spaces and overriding role/date limitations
  • fixed manual booking form ommitting certain registration fields as per settings page options meant for regular users
  • fixed paypal pending payments getting auto-deleted on all blogs in MS Global according to the shortest timeout setting on any of the network blogs
  • fixed logging issues in multisite installations (requires re-saving network EM settings if logging is enabled)

Leave a Reply

This comment area is for discussion, not obtaining support. If you are having issues installing or using Events Manager, please visit either our Free or Pro support forums and we'll be happy to help you there.