Title: Security issue
Last modified: November 14, 2023

---

# Security issue

 *  Resolved [claudiaiw](https://wordpress.org/support/users/claudiaiw/)
 * (@claudiaiw)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/security-issue-154/)
 * Hi,
 * Has anybody noticed that there’s a security issue published by Patchstack?
 * [https://patchstack.com/database/vulnerability/wp-event-manager/wordpress-wp-event-manager-plugin-3-1-39-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/vulnerability/wp-event-manager/wordpress-wp-event-manager-plugin-3-1-39-cross-site-scripting-xss-vulnerability)

 *  Plugin Author [Rita Kikani](https://wordpress.org/support/users/kikanirita/)
 * (@kikanirita)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/security-issue-154/#post-17205539)
 * Hi
 * We will check and resolve this bug and release an updated version as soon as possible.
 * Thank you.
 *  [mc64](https://wordpress.org/support/users/mc64/)
 * (@mc64)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/security-issue-154/#post-17210941)
 * still…
 * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-event-manager/wp-event-manager-3139-cross-site-scripting](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-event-manager/wp-event-manager-3139-cross-site-scripting)
 *  [iNasser](https://wordpress.org/support/users/inasser/)
 * (@inasser)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/security-issue-154/#post-17219574)
 * WordPress WP Event Manager Plugin <= 3.1.39 is vulnerable to Cross Site Scripting
   (XSS). This could allow a malicious actor to inject malicious scripts, such as
   redirects, advertisements, and other HTML payloads into your website due to insufficient
   input sanitization and output escaping which will be executed when guests visit
   your site. This vulnerability has not been known to be fixed yet. It may be best
   to uninstall the affected software and find a replacement.
 * [https://patchstack.com/database/vulnerability/wp-event-manager/wordpress-wp-event-manager-plugin-3-1-39-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/vulnerability/wp-event-manager/wordpress-wp-event-manager-plugin-3-1-39-cross-site-scripting-xss-vulnerability)
 * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-event-manager/wp-event-manager-3139-cross-site-scripting](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-event-manager/wp-event-manager-3139-cross-site-scripting)
 * What is more important than fixing a critical security risk?!
 *  Moderator [Bet Hannon](https://wordpress.org/support/users/bethannon1/)
 * (@bethannon1)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/security-issue-154/#post-17224663)
 * Is a fix for this security issue being worked on? What is your plan? Some reply
   on this would be helpful.
 *  [jackrus60](https://wordpress.org/support/users/jackrus60/)
 * (@jackrus60)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/security-issue-154/#post-17229772)
 * I would love to hear an update – anything – about the status of this issue as
   I will soon be forced to switch to another event plugin. Please let us know what
   the schedule for the fix for this security issue is.
 *  Thread Starter [claudiaiw](https://wordpress.org/support/users/claudiaiw/)
 * (@claudiaiw)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/security-issue-154/#post-17230008)
 * Me too…
 * I only hesitate cause we spend some work in customisations and it’s difficult
   to explain that to the customer, but an unsecure plugin is a no go.
 *  [stevec0023](https://wordpress.org/support/users/stevec0023/)
 * (@stevec0023)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/security-issue-154/#post-17232392)
 * I raised this issue with your support team over a week ago and I have yet to
   have a resolution presented.
 * This is a MUST SOLVE problem that is completely unacceptable. I am an ‘All Events
   Manager Pro’ paying customer who is now having to seriously consider leaving WPEM
   because of this and other issues that have been presented to your support. WHEN
   can we expect this to be solved? WHEN is the update coming? If we know about this
   vulnerability, so does every WordPress hacker out there. How long do we have to
   wait before the inevitable happens?
 *  Plugin Author [Rita Kikani](https://wordpress.org/support/users/kikanirita/)
 * (@kikanirita)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/security-issue-154/#post-17232469)
 * Hello [@stevec0023](https://wordpress.org/support/users/stevec0023/), [@claudiaiw](https://wordpress.org/support/users/claudiaiw/),
   [@jackrus60](https://wordpress.org/support/users/jackrus60/), [@bethannon1](https://wordpress.org/support/users/bethannon1/),
   [@inasser](https://wordpress.org/support/users/inasser/), [@mc64](https://wordpress.org/support/users/mc64/),
 * We apologize for the inconvenience. We have already resolved the security issue for
   our upcoming version and we will release it very soon. But if you need it on an urgent
   basis, then please use our version [https://github.com/wpeventmanager/wp-event-manager/tree/3_1_40](https://github.com/wpeventmanager/wp-event-manager/tree/3_1_40)
   in which we resolved this issue. Please use this and let us know if you have any
   query or any further issue; our support team is always ready to help.
 * Thank you for the patience.
 *  Plugin Support [wpemhelp](https://wordpress.org/support/users/wpemhelp/)
 * (@wpemhelp)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/security-issue-154/#post-17407871)
 * Hello,
 * The updated plugin has been released. Please update the plugin; this has been resolved.
   Kindly reach out to us if you face any issues.
 * Regards,
   Jathin.
 *  Plugin Support [wpemhelp](https://wordpress.org/support/users/wpemhelp/)
 * (@wpemhelp)
 * [2 years, 3 months ago](https://wordpress.org/support/topic/security-issue-154/#post-17462063)
 * Hello,
   [@claudiaiw](https://wordpress.org/support/users/claudiaiw/) [@stevec0023](https://wordpress.org/support/users/stevec0023/)
   [@jackrus60](https://wordpress.org/support/users/jackrus60/) [@inasser](https://wordpress.org/support/users/inasser/)
   [@mc64](https://wordpress.org/support/users/mc64/)
 * Thank you for the patience and co-operation. Some issues take time to figure
   out and need to be tested. We are sorry for the delay and inconvenience and
   we are here to help you and fix it.
 * We have released a new version with the fix; kindly download the updated version
   and let us know if you are facing any problem. Please reach out to us if you face
   any problem.
 * Regards,
   WP Event Manager.

The topic ‘Security issue’ is closed to new replies.

 * 14 replies
 * 8 participants
 * Last reply from: [wpemhelp](https://wordpress.org/support/users/wpemhelp/)
 * Last activity: [2 years, 3 months ago](https://wordpress.org/support/topic/security-issue-154/#post-17462063)
 * Status: resolved