Headline
CVE-2023-0404: Changeset 2836308 for events-made-easy – WordPress Plugin Repository
The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. While the plugin is still pending review from the WordPress repository, site owners can download a copy of the patched version directly from the developer’s GitHub at https://github.com/liedekef/events-made-easy
events-made-easy/trunk/eme_attendances.php
r2797629
r2836308
153
153
$table = $eme\_db\_prefix.ATTENDANCES\_TBNAME;
154
154
$jTableResult = array();
155
$search\_type = isset($\_REQUEST\['search\_type'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_type'\]) : '';
156
$search\_start\_date = isset($\_REQUEST\['search\_start\_date'\]) ? esc\_sql($\_REQUEST\['search\_start\_date'\]) : '';
157
$search\_end\_date = isset($\_REQUEST\['search\_end\_date'\]) ? esc\_sql($\_REQUEST\['search\_end\_date'\]) : '';
155
$search\_type = isset($\_REQUEST\['search\_type'\]) ? esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_type'\])) : '';
156
$search\_start\_date = isset($\_REQUEST\['search\_start\_date'\]) ? esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_start\_date'\])) : '';
157
$search\_end\_date = isset($\_REQUEST\['search\_end\_date'\]) ? esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_end\_date'\])) : '';
158
158
159
159
$att\_types=eme\_attendance\_types();
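Review bot: The three search values on new lines 155–157 are still protected only by `esc_sql()`, which is safe solely when the value later sits inside a quoted string literal in the query. The query construction is outside this hunk, so that should be confirmed; binding the values through `$wpdb->prepare()` with `%s` placeholders would remove the dependency on quoting. `search_start_date` and `search_end_date` could also be rejected unless they match the expected date format (presumably YYYY-MM-DD), e.g. `if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $search_start_date)) $search_start_date = '';`. The same escape-and-concatenate pattern recurs in the eme_events.php, eme_recurrence.php, eme_tasks.php and eme_templates.php sections.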
events-made-easy/trunk/eme_events.php
r2828445
r2836308
757
757
758
758
$page\_body="";
759
if (isset($\_GET\['eme\_cancel\_payment'\])) {
759
if (!empty($\_GET\['eme\_cancel\_payment'\])) {
760
760
$payment\_randomid=eme\_sanitize\_request($\_REQUEST\['eme\_cancel\_payment'\]);
761
761
return eme\_cancel\_payment\_form($payment\_randomid);
762
762
763
} elseif (isset($\_GET\['eme\_cancel\_signup'\])) {
763
} elseif (!empty($\_GET\['eme\_cancel\_signup'\])) {
764
764
$signup\_randomid=eme\_sanitize\_request($\_REQUEST\['eme\_cancel\_signup'\]);
765
765
$res = eme\_cancel\_task\_signup($signup\_randomid);
…
…
770
770
}
771
771
772
} elseif (isset($\_GET\['eme\_unsub'\])) {
772
} elseif (!empty($\_GET\['eme\_unsub'\])) {
773
773
// lets act as if the unsub shortcode is on the page
774
774
$atts=array();
775
775
return eme\_unsubform\_shortcode($atts);
776
776
777
} elseif (isset($\_GET\['eme\_sub\_confirm'\]) && isset($\_GET\['eme\_sub\_nonce'\])) {
777
} elseif (!empty($\_GET\['eme\_sub\_confirm'\]) && !empty($\_GET\['eme\_sub\_nonce'\])) {
778
778
$eme\_email=eme\_sanitize\_email($\_GET\['eme\_sub\_confirm'\]);
779
$eme\_lastname = isset($\_GET\['lastname'\]) ? eme\_sanitize\_request($\_GET\['lastname'\]) : '';
780
$eme\_firstname = isset($\_GET\['firstname'\]) ? eme\_sanitize\_request($\_GET\['firstname'\]) : '';
779
$eme\_lastname = !empty($\_GET\['lastname'\]) ? eme\_sanitize\_request($\_GET\['lastname'\]) : '';
780
$eme\_firstname = !empty($\_GET\['firstname'\]) ? eme\_sanitize\_request($\_GET\['firstname'\]) : '';
781
781
if (!empty($\_GET\['g'\])) {
782
782
$eme\_email\_groups=eme\_sanitize\_request($\_GET\['g'\]);
…
…
798
798
}
799
799
800
} elseif (isset($\_GET\['eme\_unsub\_confirm'\]) && isset($\_GET\['eme\_unsub\_nonce'\])) {
800
} elseif (!empty($\_GET\['eme\_unsub\_confirm'\]) && !empty($\_GET\['eme\_unsub\_nonce'\])) {
801
801
$eme\_email=eme\_sanitize\_email($\_GET\['eme\_unsub\_confirm'\]);
802
802
if (!empty($\_GET\['g'\])) {
…
…
816
816
}
817
817
818
} elseif (isset($\_GET\['eme\_gdpr\_approve'\]) && isset($\_GET\['eme\_gdpr\_nonce'\])) {
818
} elseif (!empty($\_GET\['eme\_gdpr\_approve'\]) && !empty($\_GET\['eme\_gdpr\_nonce'\])) {
819
819
$eme\_email=eme\_sanitize\_email($\_GET\['eme\_gdpr\_approve'\]);
820
820
if (wp\_verify\_nonce(eme\_sanitize\_request($\_GET\['eme\_gdpr\_nonce'\]),"gdpr $eme\_email")) {
…
…
825
825
}
826
826
827
} elseif (isset($\_GET\['eme\_gdpr'\]) && isset($\_GET\['eme\_gdpr\_nonce'\])) {
827
} elseif (!empty($\_GET\['eme\_gdpr'\]) && !empty($\_GET\['eme\_gdpr\_nonce'\])) {
828
828
$eme\_email=eme\_sanitize\_email($\_GET\['eme\_gdpr'\]);
829
829
if (wp\_verify\_nonce(eme\_sanitize\_request($\_GET\['eme\_gdpr\_nonce'\]),"gdpr $eme\_email")) {
…
…
1371
1371
$res = $data;
1372
1372
}
1373
} elseif (isset($\_GET\['eme\_gdpr\_approve'\]) && isset($\_GET\['eme\_gdpr\_nonce'\])) {
1373
} elseif (!empty($\_GET\['eme\_sub\_confirm'\]) && !empty($\_GET\['eme\_sub\_nonce'\])) {
1374
$res = \_\_('Subscribe confirmation','events-made-easy');
1375
} elseif (!empty($\_GET\['eme\_unsub\_confirm'\]) && !empty($\_GET\['eme\_unsub\_nonce'\])) {
1376
$res = \_\_('Unsubscribe confirmation','events-made-easy');
1377
} elseif (!empty($\_GET\['eme\_unsub'\])) {
1378
$res = \_\_('Unsubscribe from mailings','events-made-easy');
1379
} elseif (!empty($\_GET\['eme\_gdpr\_approve'\]) && !empty($\_GET\['eme\_gdpr\_nonce'\])) {
1374
1380
$res = get\_option('eme\_gdpr\_approve\_page\_title');
1375
} elseif (isset($\_GET\['eme\_gdpr'\]) && isset($\_GET\['eme\_gdpr\_nonce'\])) {
1381
} elseif (!empty($\_GET\['eme\_gdpr'\]) && !empty($\_GET\['eme\_gdpr\_nonce'\])) {
1376
1382
$res = get\_option('eme\_gdpr\_page\_title');
1377
} elseif (isset($\_GET\['eme\_cpi'\]) && isset($\_GET\['eme\_cpi\_nonce'\])) {
1383
} elseif (!empty($\_GET\['eme\_cpi'\]) && !empty($\_GET\['eme\_cpi\_nonce'\])) {
1378
1384
$res = get\_option('eme\_cpi\_page\_title');
1379
} elseif (isset($\_GET\['eme\_cancel\_payment'\])) {
1385
} elseif (!empty($\_GET\['eme\_cancel\_payment'\])) {
1380
1386
$res = \_\_('Cancel booking','events-made-easy');
1381
1387
} elseif (get\_query\_var('eme\_check\_rsvp') && get\_query\_var('eme\_pmt\_rndid')) {
…
…
1443
1449
return $html\_title;
1444
1450
}
1445
} elseif (isset($\_GET\['eme\_gdpr\_approve'\]) && isset($\_GET\['eme\_gdpr\_nonce'\])) {
1451
} elseif (!empty($\_GET\['eme\_sub\_confirm'\]) && !empty($\_GET\['eme\_sub\_nonce'\])) {
1452
$res = \_\_('Subscribe confirmation','events-made-easy');
1453
} elseif (!empty($\_GET\['eme\_unsub\_confirm'\]) && !empty($\_GET\['eme\_unsub\_nonce'\])) {
1454
$res = \_\_('Unsubscribe confirmation','events-made-easy');
1455
} elseif (!empty($\_GET\['eme\_unsub'\])) {
1456
$res = \_\_('Unsubscribe from mailings','events-made-easy');
1457
} elseif (!empty($\_GET\['eme\_gdpr\_approve'\]) && !empty($\_GET\['eme\_gdpr\_nonce'\])) {
1446
1458
return \_\_('GDPR approval','events-made-easy');
1447
} elseif (isset($\_GET\['eme\_gdpr'\]) && isset($\_GET\['eme\_gdpr\_nonce'\])) {
1459
} elseif (!empty($\_GET\['eme\_gdpr'\]) && !empty($\_GET\['eme\_gdpr\_nonce'\])) {
1448
1460
return \_\_('GDPR','events-made-easy');
1449
} elseif (isset($\_GET\['eme\_cpi'\]) && isset($\_GET\['eme\_cpi\_nonce'\])) {
1461
} elseif (!empty($\_GET\['eme\_cpi'\]) && !empty($\_GET\['eme\_cpi\_nonce'\])) {
1450
1462
return \_\_('Change personal info','events-made-easy');
1451
} elseif (isset($\_GET\['eme\_cancel\_payment'\])) {
1463
} elseif (!empty($\_GET\['eme\_cancel\_payment'\])) {
1452
1464
return \_\_('Cancel booking','events-made-easy');
1453
1465
} elseif (get\_query\_var('eme\_check\_rsvp') && get\_query\_var('eme\_pmt\_rndid')) {
1454
1466
return \_\_('Attendance check','events-made-easy');
1455
} elseif (get\_query\_var('eme\_check\_member') && isset($\_GET\['member\_id'\])) {
1467
} elseif (get\_query\_var('eme\_check\_member') && !empty($\_GET\['member\_id'\])) {
1456
1468
return \_\_('Membership check','events-made-easy');
1457
1469
} else {
…
…
9073
9085
9074
9086
function eme\_ajax\_events\_list() {
9075
global $eme\_timezone, $eme\_plugin\_url;
9087
global $wpdb,$eme\_timezone, $eme\_plugin\_url;
9076
9088
9077
9089
if (!current\_user\_can( get\_option('eme\_cap\_list\_events'))) {
…
…
9086
9098
$jtSorting = (!empty($\_REQUEST\['jtSorting'\]) && !empty(eme\_sanitize\_sql\_orderby($\_REQUEST\['jtSorting'\]))) ? esc\_sql($\_REQUEST\['jtSorting'\]) : 'ASC';
9087
9099
$scope = (isset($\_REQUEST\['scope'\])) ? eme\_sanitize\_request($\_REQUEST\['scope'\]) : 'future';
9088
$category = isset($\_REQUEST\['category'\]) ? $\_REQUEST\['category'\] : '';
9100
$category = isset($\_REQUEST\['category'\]) ? eme\_sanitize\_request($\_REQUEST\['category'\]) : '';
9089
9101
$status = isset($\_REQUEST\['status'\]) ? intval($\_REQUEST\['status'\]) : '';
9090
$search\_name = isset($\_REQUEST\['search\_name'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_name'\]) : '';
9102
$search\_name = isset($\_REQUEST\['search\_name'\]) ? esc\_sql($wpdb->esc\_like($\_REQUEST\['search\_name'\])) : '';
9091
9103
$search\_start\_date = isset($\_REQUEST\['search\_start\_date'\]) ? esc\_sql($\_REQUEST\['search\_start\_date'\]) : '';
9092
9104
$search\_end\_date = isset($\_REQUEST\['search\_end\_date'\]) ? esc\_sql($\_REQUEST\['search\_end\_date'\]) : '';
…
…
9151
9163
}
9152
9164
if (isset($\_REQUEST\['search\_customfields'\]) && $\_REQUEST\['search\_customfields'\]!="") {
9153
$search\_customfields=eme\_sanitize\_request($\_REQUEST\['search\_customfields'\]);
9165
$search\_customfields=esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_customfields'\]));
9154
9166
} else {
9155
9167
$search\_customfields='';
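Review bot: In `eme_ajax_events_list()` the new `search_name` line (new 9102) drops `eme_sanitize_request()` and escapes the raw `$_REQUEST` value, whereas the other files in this changeset wrap the same parameter as `esc_sql($wpdb->esc_like(eme_sanitize_request(...)))`. The neighbouring `search_start_date` and `search_end_date` lines (new 9103–9104) were likewise left as bare `esc_sql($_REQUEST[...])`, although the same two parameters gained `eme_sanitize_request()` in eme_attendances.php, eme_recurrence.php and eme_tasks.php. For consistency: `$search_name = isset($_REQUEST['search_name']) ? esc_sql($wpdb->esc_like(eme_sanitize_request($_REQUEST['search_name']))) : '';` and the same wrapping for the two dates. On the `jtSorting` context line (new 9098) the result of `eme_sanitize_sql_orderby()` is only tested for emptiness and the original request value is what gets used; assigning the sanitized result would be safer, assuming that helper returns the cleaned ORDER BY string. The function body continues outside the hunk.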
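--- a/events-made-easy/trunk/eme_formfields.php
+++ b/events-made-easy/trunk/eme_formfields.php
@@ -4596,10 +4596,19 @@
 function eme\_ajax\_formfields\_list() {
 global $wpdb,$eme\_db\_prefix;
+
+if (!current\_user\_can( get\_option('eme\_cap\_list\_events'))) {
+$ajaxResult=array();
+$ajaxResult\['Result'\] = "Error";
+$ajaxResult\['Message'\] = \_\_('Access denied!','events-made-easy');
+print json\_encode($ajaxResult);
+wp\_die();
+}
+
 $table = $eme\_db\_prefix.FORMFIELDS\_TBNAME;
 $used\_formfield\_ids = eme\_get\_used\_formfield\_ids();
 $jTableResult = array();
-$search\_type = isset($\_REQUEST\['search\_type'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_type'\]) : '';
-$search\_purpose = isset($\_REQUEST\['search\_purpose'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_purpose'\]) : '';
-$search\_name = isset($\_REQUEST\['search\_name'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_name'\]) : '';
+$search\_type = isset($\_REQUEST\['search\_type'\]) ? esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_type'\])) : '';
+$search\_purpose = isset($\_REQUEST\['search\_purpose'\]) ? esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_purpose'\])) : '';
+$search\_name = isset($\_REQUEST\['search\_name'\]) ? esc\_sql($wpdb->esc\_like(eme\_sanitize\_request($\_REQUEST\['search\_name'\]))) : '';
 $where ='';
 $where\_arr = array();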
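Review bot: The access-denied block added at new lines 4599–4605 is repeated verbatim in eme_mailer.php, eme_recurrence.php and twice in eme_tasks.php, differing only in the capability option name. A small helper that takes the option name would keep the five handlers from drifting apart, and `wp_send_json()` would also set the JSON content type that `print json_encode(...)` does not. It is worth confirming that `eme_cap_list_events` is the intended capability for listing form fields rather than a form-specific one. No nonce check is visible at the top of this handler; the rest of the function is outside the hunk.

```php
// Proposed helper; the name is a suggestion, not existing plugin code.
function eme_ajax_require_cap( $cap_option ) {
    if ( current_user_can( get_option( $cap_option ) ) ) {
        return;
    }
    // wp_send_json() sends the JSON content type and ends the request.
    wp_send_json( array(
        'Result'  => 'Error',
        'Message' => __( 'Access denied!', 'events-made-easy' ),
    ) );
}

function eme_ajax_formfields_list() {
    global $wpdb,$eme_db_prefix;

    eme_ajax_require_cap( 'eme_cap_list_events' );
    // … unchanged: table names and search parameter handling …
```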
events-made-easy/trunk/eme_locations.php
r2828445
r2836308
2656
2656
$table = $eme\_db\_prefix.LOCATIONS\_TBNAME;
2657
2657
$answers\_table = $eme\_db\_prefix.ANSWERS\_TBNAME;
2658
$search\_name = isset($\_REQUEST\['search\_name'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_name'\]) : '';
2658
$search\_name = isset($\_REQUEST\['search\_name'\]) ? esc\_sql($wpdb->esc\_like(eme\_sanitize\_request($\_REQUEST\['search\_name'\]))) : '';
2659
2659
$where ='';
2660
2660
$where\_arr = array();
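Review bot: The new `search_name` line (new 2658) calls `$wpdb->esc_like()`, but the `global` declaration of the enclosing function is outside the hunk, so it is not visible that `$wpdb` is in scope here. In eme_events.php this same changeset had to add `$wpdb` to the `global` line of `eme_ajax_events_list()` for the same call; if the declaration is missing here, the handler fails on an undefined variable instead of returning results. Confirm the function declares `global $wpdb`, and likewise for the matching change in eme_templates.php, where the declaration is also not shown.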
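--- a/events-made-easy/trunk/eme_mailer.php
+++ b/events-made-easy/trunk/eme_mailer.php
@@ -1057,8 +1057,17 @@
 function eme\_mailingreport\_list() {
 global $wpdb,$eme\_db\_prefix;
+
+if (!current\_user\_can( get\_option('eme\_cap\_send\_mails'))) {
+$ajaxResult=array();
+$ajaxResult\['Result'\] = "Error";
+$ajaxResult\['Message'\] = \_\_('Access denied!','events-made-easy');
+print json\_encode($ajaxResult);
+wp\_die();
+}
+
 $table = $eme\_db\_prefix.MQUEUE\_TBNAME;
 if (!isset($\_REQUEST\['mailing\_id'\])) return;
 $mailing\_id=intval($\_REQUEST\['mailing\_id'\]);
-$search\_name = isset($\_REQUEST\['search\_name'\]) ? esc\_sql($\_REQUEST\['search\_name'\]) : '';
+$search\_name = isset($\_REQUEST\['search\_name'\]) ? esc\_sql($wpdb->esc\_like(eme\_sanitize\_request($\_REQUEST\['search\_name'\]))) : '';
 $where="";
 $where\_arr=array();
@@ -1164,5 +1173,5 @@
 $rows=array\_reverse($rows);
 } else {
-$search\_text = '%'.$wpdb->esc\_like(eme\_sanitize\_request($\_POST\['search\_text'\])).'%';
+$search\_text = '%'.esc\_sql($wpdb->esc\_like(eme\_sanitize\_request($\_POST\['search\_text'\]))).'%';
 if (!empty($\_POST\['search\_failed'\]))
 $where = "AND status=2";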
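Review bot: On new line 1175 `esc_sql()` is wrapped around a value that the old code built in the shape normally handed to `$wpdb->prepare()`, namely `'%'.$wpdb->esc_like(...).'%'`. The query that consumes `$search_text` is outside the hunk; if it goes through `prepare()` with a `%s` placeholder, the value is now escaped twice and a search term containing a quote or backslash will stop matching. In that case the old line was already correct and should be kept, with `prepare()` doing the quoting. In the first hunk, the context line `if (!isset($_REQUEST['mailing_id'])) return;` leaves the AJAX handler without `wp_die()` or a JSON error, unlike the new access-denied branch directly above it.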
events-made-easy/trunk/eme_members.php
r2826748
r2836308
5152
5152
foreach ($search\_fields as $search\_field) {
5153
5153
if (isset($\_POST\[$search\_field\]))
5154
$search\_terms\[$search\_field\]=eme\_sanitize\_request($\_POST\[$search\_field\]);
5154
$search\_terms\[$search\_field\]=esc\_sql(eme\_sanitize\_request($\_POST\[$search\_field\]));
5155
5155
}
5156
5156
$group\['search\_terms'\]=serialize($search\_terms);
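Review bot: `esc_sql()` is applied on new line 5154 to values that are then serialized into `$group['search_terms']`, so the SQL escaping is baked into the stored data rather than applied where the terms enter a query. If the group row is written with `$wpdb->insert()`, `$wpdb->update()` or `prepare()`, that layer escapes again, and any code that unserializes the terms for display or for pre-filling the search form will see the added backslashes. Storing the sanitized but unescaped value and escaping, or binding with `$wpdb->prepare()`, at the point where the search query is built is more robust; how the stored terms are consumed is outside this hunk. The same applies to both hunks in eme_people.php (new lines 3199 and 4189).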
events-made-easy/trunk/eme_people.php
r2823136
r2836308
3197
3197
foreach ($search\_fields as $search\_field) {
3198
3198
if (isset($\_POST\[$search\_field\]))
3199
$search\_terms\[$search\_field\]=eme\_sanitize\_request($\_POST\[$search\_field\]);
3199
$search\_terms\[$search\_field\]=esc\_sql(eme\_sanitize\_request($\_POST\[$search\_field\]));
3200
3200
}
3201
3201
$group\['search\_terms'\]=serialize($search\_terms);
…
…
4187
4187
foreach ($search\_fields as $search\_field) {
4188
4188
if (isset($\_POST\[$search\_field\]))
4189
$search\_terms\[$search\_field\]=eme\_sanitize\_request($\_POST\[$search\_field\]);
4189
$search\_terms\[$search\_field\]=esc\_sql(eme\_sanitize\_request($\_POST\[$search\_field\]));
4190
4190
}
4191
4191
$group\['search\_terms'\]=serialize($search\_terms);
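--- a/events-made-easy/trunk/eme_recurrence.php
+++ b/events-made-easy/trunk/eme_recurrence.php
@@ -439,4 +439,12 @@
 global $wpdb,$eme\_db\_prefix, $eme\_timezone, $eme\_plugin\_url;
 
+if (!current\_user\_can( get\_option('eme\_cap\_list\_events'))) {
+$ajaxResult=array();
+$ajaxResult\['Result'\] = "Error";
+$ajaxResult\['Message'\] = \_\_('Access denied!','events-made-easy');
+print json\_encode($ajaxResult);
+wp\_die();
+}
+
 $eme\_date\_obj=new ExpressiveDate("now",$eme\_timezone);
 $today = $eme\_date\_obj->getDate();
@@ -446,7 +454,7 @@
 $pagesize= (isset($\_REQUEST\['jtPageSize'\])) ? intval($\_REQUEST\['jtPageSize'\]) : 10;
 $scope = (isset($\_REQUEST\['scope'\])) ? eme\_sanitize\_request($\_REQUEST\['scope'\]) : 'ongoing';
-$search\_name = isset($\_REQUEST\['search\_name'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_name'\]) : '';
-$search\_start\_date = isset($\_REQUEST\['search\_start\_date'\]) ? esc\_sql($\_REQUEST\['search\_start\_date'\]) : '';
-$search\_end\_date = isset($\_REQUEST\['search\_end\_date'\]) ? esc\_sql($\_REQUEST\['search\_end\_date'\]) : '';
+$search\_name = isset($\_REQUEST\['search\_name'\]) ? esc\_sql($wpdb->esc\_like(eme\_sanitize\_request($\_REQUEST\['search\_name'\]))) : '';
+$search\_start\_date = isset($\_REQUEST\['search\_start\_date'\]) ? esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_start\_date'\])) : '';
+$search\_end\_date = isset($\_REQUEST\['search\_end\_date'\]) ? esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_end\_date'\])) : '';
 
 $where ='';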
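--- a/events-made-easy/trunk/eme_tasks.php
+++ b/events-made-easy/trunk/eme_tasks.php
@@ -1466,4 +1466,13 @@
 function eme\_ajax\_task\_signups\_list() {
 global $wpdb,$eme\_db\_prefix, $eme\_timezone;
+
+if (!current\_user\_can( get\_option('eme\_cap\_manage\_task\_signups'))) {
+$ajaxResult=array();
+$ajaxResult\['Result'\] = "Error";
+$ajaxResult\['Message'\] = \_\_('Access denied!','events-made-easy');
+print json\_encode($ajaxResult);
+wp\_die();
+}
+
 $table = $eme\_db\_prefix.TASK\_SIGNUPS\_TBNAME;
 $events\_table = $eme\_db\_prefix.EVENTS\_TBNAME;
@@ -1471,10 +1480,10 @@
 $people\_table = $eme\_db\_prefix.PEOPLE\_TBNAME;
 $jTableResult = array();
-$search\_name = isset($\_REQUEST\['search\_name'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_name'\]) : '';
-$search\_scope = (isset($\_REQUEST\['search\_scope'\])) ? eme\_sanitize\_request($\_REQUEST\['search\_scope'\]) : 'future';
-$search\_event = isset($\_REQUEST\['search\_event'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_event'\]) : '';
-$search\_person = isset($\_REQUEST\['search\_person'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_person'\]) : '';
-$search\_start\_date = isset($\_REQUEST\['search\_start\_date'\]) ? esc\_sql($\_REQUEST\['search\_start\_date'\]) : '';
-$search\_end\_date = isset($\_REQUEST\['search\_end\_date'\]) ? esc\_sql($\_REQUEST\['search\_end\_date'\]) : '';
+$search\_name = isset($\_REQUEST\['search\_name'\]) ? esc\_sql($wpdb->esc\_like(eme\_sanitize\_request($\_REQUEST\['search\_name'\]))) : '';
+$search\_scope = (isset($\_REQUEST\['search\_scope'\])) ? esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_scope'\])) : 'future';
+$search\_event = isset($\_REQUEST\['search\_event'\]) ? esc\_sql($wpdb->esc\_like(eme\_sanitize\_request($\_REQUEST\['search\_event'\]))) : '';
+$search\_person = isset($\_REQUEST\['search\_person'\]) ? esc\_sql($wpdb->esc\_like(eme\_sanitize\_request($\_REQUEST\['search\_person'\]))) : '';
+$search\_start\_date = isset($\_REQUEST\['search\_start\_date'\]) ? esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_start\_date'\])) : '';
+$search\_end\_date = isset($\_REQUEST\['search\_end\_date'\]) ? esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_end\_date'\])) : '';
 
 $where ='';
@@ -1548,4 +1557,12 @@
 function eme\_ajax\_manage\_task\_signups() {
 check\_ajax\_referer('eme\_admin','eme\_admin\_nonce');
+if (!current\_user\_can( get\_option('eme\_cap\_manage\_task\_signups'))) {
+$ajaxResult=array();
+$ajaxResult\['Result'\] = "Error";
+$ajaxResult\['Message'\] = \_\_('Access denied!','events-made-easy');
+print json\_encode($ajaxResult);
+wp\_die();
+}
+
 if (isset($\_REQUEST\['do\_action'\])) {
 $ids\_arr=explode(',',$\_POST\['id'\]);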
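Review bot: In `eme_ajax_manage_task_signups()` the context line `$ids_arr=explode(',',$_POST['id']);` (new 1568) is guarded only by `isset($_REQUEST['do_action'])`, so `$_POST['id']` is read without an existence check and its pieces remain raw request strings. Since this commit hardens request handling, `$ids_arr = isset($_POST['id']) ? array_filter(array_map('intval', explode(',', $_POST['id']))) : array();` would guarantee integer ids, assuming the ids are numeric; how `$ids_arr` is used is outside the hunk. This handler also calls `check_ajax_referer()` before the new capability check, while `eme_ajax_task_signups_list()` in the first hunk gains only the capability check and shows no nonce verification in the visible lines.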
events-made-easy/trunk/eme_templates.php
r2809630
r2836308
439
439
$template\_types = eme\_template\_types();
440
440
$jTableResult = array();
441
$search\_type = isset($\_REQUEST\['search\_type'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_type'\]) : '';
442
$search\_name = isset($\_REQUEST\['search\_name'\]) ? eme\_sanitize\_request($\_REQUEST\['search\_name'\]) : '';
441
$search\_type = isset($\_REQUEST\['search\_type'\]) ? esc\_sql(eme\_sanitize\_request($\_REQUEST\['search\_type'\])) : '';
442
$search\_name = isset($\_REQUEST\['search\_name'\]) ? esc\_sql($wpdb->esc\_like(eme\_sanitize\_request($\_REQUEST\['search\_name'\]))) : '';
443
443
444
444
$where ='';
events-made-easy/trunk/events-manager.php
r2834040
r2836308
5
5
/\*
6
6
Plugin Name: Events Made Easy
7
Version: 2.3.14
7
Version: 2.3.15
8
8
Plugin URI: https://www.e-dynamics.be/wordpress
9
9
Update URI: https://wordpress.org/plugins/events-made-easy/
…
…
34
34
35
35
// Setting constants
36
define('EME\_VERSION', '2.3.14');
36
define('EME\_VERSION', '2.3.15');
37
37
define('EME\_DB\_VERSION', 362);
38
38
define('EVENTS\_TBNAME','eme\_events');
events-made-easy/trunk/readme.txt
r2834993
r2836308
5
5
Requires at least: 5.4
6
6
Tested up to: 6.1
7
Stable tag: 2.3.14
7
Stable tag: 2.3.15
8
8
License: GPLv2 or later
9
9
License URI: http://www.gnu.org/licenses/gpl-2.0.html
…
…
86
86
87
87
\== Changelog ==
88
\= 2.3.15 (2022//) =
88
\= 2.3.15 (2022/12/19) =
89
89
\* jquery-timepicker update to 1.14.0
90
90
\* GDPR mail for change personal info was not send in html (if wanted to do so)
91
\* Added extra security checks on certain ajax calls to make sure no SQL injection of any kind can take place
91
92
92
93
\= 2.3.14 (2022/12/14) =