Yesterday evening we received an email from the WordPress.org plugins team, reporting that an XSS vulnerability in Events Manager has been reported to them.
Consequently they have temporarily taken down Events Manager whilst we fixed the problem, to prevent further people downloading vulnerable code. These vulnerabilities are minor/moderate and only applies to the main/free plugin Events Manager, not the Pro add-on.
We have already fixed these issues and updated the plugin on WordPress.org, pending their review for our plugin page to go back up.
In the meantime, we’ve also put up the latest update here, so that you can still download and use the plugin software and update to the latest version.
We apologize for any inconvenience caused. These vulnerabilities are unrelated to and are nowhere near as serious as the most recent update, but as with any vulnerability, minor or not, we recommend you keep any WordPress plugin updated to the latest versions.
The post 5.5.7 – Important XSS Security Update appeared first on Events Manager for WordPress.