?? Events Tickets 4.10.7.2

Hey folks! We’ve found a particularly nasty bug within Event Tickets but have patched it up and are eager to get this latest update in your hands.

We discovered that it was possible for a malicious formula (payload) to be injected into the data when completing the Full Name section of the ticket purchase form. Essentially, this opens up a potential scenario where downloading the attendee data CSV file from the WordPress admin and opening the file could trigger malicious code to run on a computer. Even though there were no reports of this actually happening and Excel will indeed warn you before running any of the code, we saw the possibility and decided to patch it up before it could become a thing.

Changes:

• Fix – Prevent formulas from being exported when exporting attendees to CSV

Next up, we’re making progress on the next major feature release for Event Tickets and can’t wait to get that out to you. In the meantime, please update safely as you would with any other WordPress, theme or plugin update and be sure to let us know if you run into any other issues.

We have a Known Issues page for you to reference so you can see what’s already on our radar for a fix.

Check out a detailed description of all of the changes in this release in our official release notes here??https://theeventscalendar.com/announcing-event-tickets-4-10-7-2??

Happy ticketing!

• This topic was modified 5 years, 2 months ago by Courtney Robertson.
• This topic was modified 5 years, 2 months ago by Courtney Robertson.