Security issue
-
Hi,
Has anybody noticed that there’s a security issue published by Patchstack?
-
Hi
We will check and resolve this bug and release an updated version as soon as possible.
Thank you.
WordPress WP Event Manager Plugin <= 3.1.39 is vulnerable to Cross Site Scripting (XSS). This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website due to insufficient input sanitization and output escaping which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet. It may be best to uninstall the affected software and find a replacement.
https://patchstack.com/database/vulnerability/wp-event-manager/wordpress-wp-event-manager-plugin-3-1-39-cross-site-scripting-xss-vulnerability
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-event-manager/wp-event-manager-3139-cross-site-scripting
What is more important than fixing a critical security risk?! Is a fix for this security issue being worked on? What is your plan? Some reply on this would be helpful.
I would love to hear an update – anything – about the status of this issue as I will soon be forced to switch to another event plugin. Please let us know what the schedule for the fix for this security issue is.
Me too…
I only hesitate because we spent some work on customisations and it’s difficult to explain that to the customer, but an insecure plugin is a no-go.
I raised this issue with your support team over a week ago and I have yet to have a resolution presented.
This is a MUST SOLVE problem that is completely unacceptable.
I am an ‘All Events Manager Pro’ paying customer who is now having to seriously consider leaving WPEM because of this and other issues that have been presented to your support.
WHEN can we expect this to be solved? WHEN is the update coming? If we know about this vulnerability, so does every WordPress hacker out there. How long do we have to wait before the inevitable happens?
Hello @stevec0023, @claudiaiw, @jackrus60, @bethannon1, @inasser, @mc64,
We apologize for the inconvenience. We have already resolved the security issue for our upcoming version and we will release it very soon. But if you need it on an urgent basis, then please use our version https://github.com/wpeventmanager/wp-event-manager/tree/3_1_40 in which we resolved this issue. Please use this and let us know if you have any query or any further issue; our support team is always ready to help.
Thank you for the patience.
Hello,
The updated plugin has been released. Please update the plugin; this has been resolved. Kindly reach us if you face any issues.
Regards,
Jathin.
-
Hello,
@claudiaiw @stevec0023 @jackrus60 @inasser @mc64
Thank you for the patience and co-operation. Some issues take time to figure out and need to be tested. We are sorry for the delay and inconvenience and we are here to help you and fix it.
We have released a new version with the fix. Kindly download the updated version and let us know if you are facing any problem. Please reach out to us if you face any problem.
Regards,
WP Event Manager.
The topic ‘Security issue’ is closed to new replies.