We’ve been busy concentrating on previously reported issues and are happy to release this latest update, which fixes a whopping 59 reported bugs.
We are still actively sifting through previously reported bugs across all our add-ons and you can expect multiple updates over the coming weeks.
Security Vulnerability Patches
This update includes patches for some security vulnerabilities which were reported to us recently and prompted this early update, as we are still working through older reported issues. We strongly recommend you update due to these known vulnerabilities.
CVE numbers are in the readmes and will be disclosed in due time. We’d like to thank WordFence for their ongoing security efforts and responsible disclosure policy.
Whilst Pro add-ons are not affected by these vulnerability reports, we also encourage Pro customers to upgrade. We have also extended our Cyber Week promotional period a few more days to encourage those that have not recently renewed to do so and have the most supported versions of both the free and Pro plugins.
Reserved vs. Pending Bookings
Another noteworthy change in the latest update, more so for developers, is the separation of reserved vs. pending bookings. Previously, a pending booking would be considered ‘reserved’ if the setting to reserve pending bookings was enabled.
We have also added #_UNAVAILABLESPACES and #_RESERVEDSPACES as additional event placeholders.
Developer Notes
The previous behaviour caused a few issues with correctly counting ‘pending’ bookings with special statuses, such as offline payments in Pro versions, given the Pro gateways have the option to reserve a pending space or not, overriding the default option for free bookings.
Not all pending bookings are necessarily reserved once you introduce custom pending statuses, so we now count available spaces by considering reserved spaces, whereas previously we counted pending spaces (and only if pending spaces were considered reserved).
This is a subtle change, and is backwards compatible with previous Pro versions (and in fact fixes this issue in older Pro versions too). Developers should take note that using the following new filters and functions to count reserved spaces will produce more reliable results:
em_bookings_get_reserved_spaces
em_ticket_get_reserved_spaces
They are essentially the same as the pending filters, but specific to a reserved state, whereas the original pending filters count bookings as pending and not necessarily reserved.
Changelogs
Events Manager 7.2.3
- Fixed multi-timerange and timeslot settings not being reflected in the event submission UI in some setups
- Fixed incorrect default timerange UI data when adding an extra timerange to an event
- FAQ update
- Fixed booking cut-off time reverting to 12AM upon save for single events
- Fixed styling issues for timeslot/range editor where trash icon may not appear on front-end for multiple time-ranges
- Fixed repeating event ticket descriptions not showing on booking form if not overridden
- Fixed saving a repeated event ticket being set to price 0 rather than repeating event parent ticket price
- Fixed adding exclusion recurrence set not working when creating new event
- Changed template approach for recurrence sets so recurrence set template is within a template element
- Fixed validation errors in recurring events creating an extra blank recurrence set in UI after save attempt
- Fixed timerange validation errors not saving elements of an event such as recurrence set data, timeranges etc. requiring re-setup during submission
- Fixed event booking cut-off times not being properly saved for recurring events
- Fixed recurring/repeating event booking cut-off relative dates (by day) not being properly saved
- Fixed quick-action recurring/repeated links showing up for trashed posts
- Fixed event status inconsistencies whilst trashing and untrashing repeated events
- Fixed trashed event_status in EM_Event objects always reverting to 0 when loaded from DB
- Fixed inability to unmark an event as all-day once clicked/saved for first time
- Fixed calendar month formatting option not reflected in calendar
- Fixed booking form for timeslots showing the time picker if the event is closed to bookings
- Fixed repeating events template showing in the events list
- Fixed vulnerabilities CVE-2025-12407 and CVE-2025-12408 reported by thinnawarth mathuros via WordFence Security
- Fixed medium XSS vulnerability CVE-2025-12976 reported by Muhammad Yudha – DJ via WordFence Security
- Changed post_id and blog_id to protected properties with magic get/set, allowing post-less recurrences to reference parent post and blog IDs
- Fixed recurrences not correctly referencing categories and category properties such as colors
- Made improvements to spacing on mobile and general booking form views for better use of screen real estate
- Fixed calendar not showing timeslot events with correct time
- Fixed inconsistent results when showing events split by timeslot
- Added default option for showing calendars with or without splitting by timeslot
- Updated intl-tel-input to v25.12.5
- Fixed submission and UI issues with the phone field
- Fixed allowable HTML in ticket names not outputting in ticket summaries
- Added booking and ticket counting of reserved vs. pending spaces, fixing inconsistent counts with custom pending status
- Added #_UNAVAILABLESPACES and #_RESERVEDSPACES placeholders
- Changed #_BOOKEDSPACES so reserved pending spaces are excluded
- Added shared functions EM_Ticket::get_status_spaces() and EM_Bookings::get_status_count()
- Fixed ticket required checkbox getting unchecked upon second save when editing an event
- Fixed fatal error when supplying comma-separated list of views in event list or calendar shortcode
- Fixed fatal error when supplying comma-separated list of views in event list or calendar shortcode (duplicate fix)
- Fixed Google Map JS warnings
- Upgraded Google Maps to async loading and Advanced Markers
- Modified map balloon formats to exclude location name, now automatically included in balloon title
- Updated how map info balloons are styled
- Fixed privacy consent not being forced as required
- Fixed “convert to recurrence” link not working outside the event editor
- Updated readme.txt WordPress version
- Updated readme.txt WordPress version (correction)
- Fixed using event="x" in shortcode or PHP functions producing empty results in custom archetypes
- Added support for iCal and RSS feeds for custom archetypes
- Added support for taxonomy event lists to include all archetypes or specific ones via placeholders such as #_CATEGORYNEXTEVENTS{archetype}
- Fixed interference with other scheduled post CPTs
- Removed jQuery UI Touch Punch 0.2.3 from JS libraries
- Fixed calendar month picker showing Jan 2025 when navigating from Dec 2025 when format is set to M Y instead of F Y
- Fixed possible PHP warnings in em-event-post.php and em-location-post.php
- Fixed PHP error associated with #_BOOKINGBUTTON
Events Manager Pro 3.7.2.3
- Fixed attendee booking/editor form not decreasing attendee forms correctly after selecting too many
- Fixed attendee form styling issues causing CSS/HTML blowouts especially on mobile views
- Fixed missing minified and sass > CSS converted files not being uploaded to production versions
- Fixed PHP notice/error during 2.x to v3 update
- Added support for reserved space counting in bookings since EM 7.2.3 which mitigates double-counting of pending-reserved spaces
- Fixed some reported typos