Release Notes: Security Release 3.9.X for The Events Calendar, PRO + add-ons

New versions of some of our plugins shipped today. If you’re active in the WordPress community, I’m sure that you saw a lot of conversation around add_query_arg() in the last 24 hours. An ambiguous Codex article resulted in many plugins being susceptible to cross-site scripting (XSS) attacks. It’s important that you update your copy of any Events Calendar plugins, but also make sure that all of your plugins and WordPress core are up to date. Updates were not required for plugins not listed below.

Current Version Numbers

  • The Events Calendar Core: 3.9.2
  • Events Calendar Pro: 3.9.3
  • Community Events: 3.9.1
  • Facebook: 3.9.3
  • Eventbrite Tickets: 3.9.2
  • Tickets – WpEcommerce: 3.9.1
  • Tickets – WooCommerce: 3.9.3

Yoast and Sucuri led the charge with regards to the broader WordPress community. Yoast has a great writeup explaining the specifics, which is worth reading even if you’ve got all your plugins up to date. Check out Sucuri’s post as well.

Over the coming days, be sure to keep an eye on all of your plugins as we expect many more updates to roll out across the WordPress ecosystem.

As always, if you have any issues – please don’t hesitate to hit up our support channels and we’ll get you taken care of.