version 6.6.5 security vulnerabilities? | ww.wp.xz.cn

mcknz76
(@mcknz76)

10 months ago

I recently updated EM from version 6.6.4.4 to 6.6.5 to resolve the open security vulnerabilities, on a site hosted on WP Engine. The WP Engine admin site is showing there are still security vulnerabilities with the plugin, and suggests upgrading to 7.0.5, but we are having styling issues with 7.0.5. Checked with WP Engine and they say the reporting is correct.

Can anyone else verify that 6.6.5 has security problems? Is this a false positive? Thanks & let me know if you need more info or a screenshot.

Viewing 3 replies - 1 through 3 (of 3 total)

joneiseman
(@joneiseman)

10 months ago

According to this page the security vulnerabilities were fixed in 6.6.5: https://wp-events-plugin.com/blog/2025/07/03/em-7-0-4-security-vulnerability-fix/

You can see that WordFence also confirms version 6.6.5 has the necessary patches: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/events-manager/events-manager-703-authenticatedcontributor-stored-cross-site-scripting-via-plugin-shortcodes
joneiseman
(@joneiseman)

10 months ago
Yes it was patched in 6.6.5

I tried to post links to the relevant pages but my post is being held for moderation.

WordFence confirms the problem was patched in 6.6.5 and there’s also a post on the Events Manager website about this (you can find the page using Google search: “events manager” “Security Vulnerability Fix”)
- This reply was modified 10 months ago by joneiseman.
- This reply was modified 10 months ago by joneiseman.
Thread Starter mcknz76
(@mcknz76)

10 months ago

Thanks @joneiseman —

That’s what I thought b/c I haven’t seen anything to the contrary anywhere. Just strange that WPEngine is flagging it as vulnerable, maybe it’s just doing a simple check to see if the version is less than the latest patch version (7.0.4)?

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘version 6.6.5 security vulnerabilities?’ is closed to new replies.

4 replies
2 participants
Last reply from: mcknz76
Last activity: 10 months ago
Status: not resolved