- This topic has 0 replies, 2 voices, and was last updated 1 year, 4 months ago by
.
-
Posts
-
There is a vulnerability in EME: an sql was not properly escaped so an authenticated user could use a special crafted url/tool to see info he was not supposed to see even if not authorized to do so …). See also: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/events-made-easy/events-made-easy-2316-missing-authorization
It has already been fixed days ago (see the date of this post), but wordpress requires me to refactor the whole code since they have new coding standards. I tried for 5 full days to comply but some of their (new) requirements are very hard to meet (“late escaping” for example, where you need to call an escape function inside the echo-call, not before it … ). Due to this fact, the plugin is currently closed on wordpress. This is a very weird wordpress decision: not allowing a security release because of new coding standards …So, if you want to install and receive updates again, go to https://github.com/liedekef/events-made-easy and follow the (in the readme mentioned) install instructions:
For existing wordpress users that have version 2.3.18 or older:
– Take a database backup to be sure
– Download the zip “events-made-easy.zip” from the latest release on github ( https://github.com/liedekef/events-made-easy/releases )
– Go in the WordPress ‘Plugins’ menu, and click on “Add new”
– Select the zip you downloaded, this will upload the zip and replace the existing installation without losing data
If the file is too big for uploading, try again with “events-made-easy-minimal.zip” (which is a minimum version of the previous release, after which a regular update will present itself).
If still too big, or you need to use FTP/SSH: use your favorite upload tool to upload the contents of the zip file to the /wp-content/plugins/events-made-easy directory (remove the old files first)
– After that, updating the plugin will be as usual in the backendI advise to do this in test first, although it should work just fine (but I did change a huge number of lines of code so a bug is not impossible).
If you feel uncomfortable doing this and want to switch to another plugin, I can totally understand.
Franky
- The forum ‘Generic’ is closed to new topics and replies.