WordPress before 5.2.3 allows XSS in post previews by authenticated users.

WordPress 5.2.3 is now available!

This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade.

If you haven’t yet updated to 5.2, there are also updated versions of 5.1 and earlier that fix the bugs for you.

**Security Updates**

*   Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments. 
*   Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect. 
*   Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
*   Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability for cross-site scripting (XSS) in shortcode previews.
*   Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
*   Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
*   In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions. 

You can browse the full list of changes on Trac.

For more info, browse the full list of changes on Trac or check out the Version 5.2.3 documentation page.

WordPress 5.2.3 is a short-cycle maintenance release. The next major release will be version 5.3.

You can download WordPress 5.2.3 from the button at the top of this page, or visit your **Dashboard → Updates** and click **Update Now**.

If you have sites that support automatic background updates, they’ve already started the update process.

**Thanks and props!**

This release brings together contributions from more than 62 other people. Thank you to everyone who made this release possible!

Adam Silverstein, Alex Concha, Alex Goller, Andrea Fercia, Andrew Duthie, Andrew Ozz, Andy Fragen, Ashish Shukla, Aslam Shekh, backermann1978, Catalin Dogaru, Chetan Prajapati, Chris Aprea, Christoph Herr, dan@micamedia.com, Daniel Llewellyn, donmhico, Ella van Durpe, epiqueras, Fencer04, flaviozavan, Garrett Hyder, Gary Pendergast, gqevu6bsiz, Hardik Thakkar, Ian Belanger, Ian Dunn, Jake Spurlock, Jb Audras, Jeffrey Paul, jikamens, John Blackbourn, Jonathan Desrosiers, Jorge Costa, karlgroves, Kjell Reigstad, laurelfulford, Maje Media LLC, Martin Spatovaliyski, Mary Baum, Monika Rao, Mukesh Panchal, nayana123, Ned Zimmerman, Nick Daugherty, Nilambar Sharma, nmenescardi, Paul Vincent Beigang, Pedro Mendonça, Peter Wilson, Sergey Biryukov, Sergey Predvoditelev, Sharaz Shahid, Stanimir Stoyanov, Stefano Minoia, Tammie Lister, tellthemachines, tmatsuur, Vaishali Panchal, vortfu, Will West, and yarnboy.

CVE-2019-16223: WordPress 5.2.3 Security and Maintenance Release

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

**100 check-ins**

2023-03-23

12:00

Fix #ifdefs that use the wrong preprocessor macro. (Leaf check-in: 0aecf360 user: drh tags: nan-inf)

10:58

The attempt to bring STAT4 up to 100% MC/DC at \[55a26c67ed4a3a93\] and at \[168fa2fb22b8c1ad\] are incorrect. Back them out and replace them with a simple NEVER() macro. Error reported by forum post dc4854437b. (Leaf check-in: 76e683c5 user: drh tags: branch-3.41)

10:54

The attempt to bring STAT4 up to 100% MC/DC at \[55a26c67ed4a3a93\] and at \[168fa2fb22b8c1ad\] are incorrect. Back them out and replace them with a simple NEVER() macro. Error reported by forum post dc4854437b. (Leaf check-in: 5992370a user: drh tags: trunk)

2023-03-22

20:21

Add the SQLITE\_ENABLE\_NAN\_INF compile-time option which makes the following behavior changes: (1) sqlite3\_value\_double(NULL) returns NaN, (2) SQLite preserves NaN values rather than converting them to NULL. (3) CAST statements understand "NaN" and "Inf" and make the right conversions. (4) Non-standard JSON is never generated by SQLite JSON routines, but those routines will accept floating point literals "NaN", "Inf", and "-Inf". (check-in: 96ec8306 user: drh tags: nan-inf)

19:57

Internal cleanups in JS code. No functional changes. (check-in: 8fbdf7d1 user: stephan tags: trunk)

16:55

The floating-point-to-text conversion with the zero-padding option now renders NaN as "null". (check-in: ad59fa17 user: drh tags: trunk)

16:37

For consistency, the ".mode json" output from the CLI now renders infinity in the same format as the JSON functions. (check-in: abee339d user: drh tags: trunk)

16:24

The double-to-text conversion renders infinity as 9e999, so that JSON output is compliant and so that values can be round-tripped. (check-in: b52081d0 user: drh tags: trunk)

16:01

In the CLI, the magic parameter :inf and :nan bind floating point values Infinity and NaN, respectively, as an add to testing SQLite's handling of those quantities. (check-in: c70a61d8 user: drh tags: trunk)

14:51

Update the version number for the TEA tarball to 3.42.0, to match the core. (check-in: 03e6918e user: drh tags: trunk)

13:47

Merge the 3.41.2 patch into the reuse-schema-3.41 subbranch of reuse-schema (Leaf check-in: 995fa4d0 user: drh tags: reuse-schema-3.41)

13:35

Merge the 3.41.2 patches into the bedrock-3.41 subbranch of bedrock. (Leaf check-in: b7a144c4 user: drh tags: bedrock-3.41)

13:25

Merge the 3.41.2 patch into the wal2-3.41 subbranch of wal2. (Leaf check-in: db44f17a user: drh tags: wal2-3.41)

11:56

Version 3.41.2 (check-in: 0d1fc92f user: drh tags: release, branch-3.41, version-3.41.2)

11:12

Increment the version number in the TEA configure script to 3.41.2. (check-in: 2bb74aa5 user: drh tags: branch-3.41)

2023-03-21

14:20

Add ALWAYS() on a branch this is always true now due to \[84417bbd144b2197\]. (check-in: badf7d0e user: drh tags: trunk)

12:29

Add the fuzzcheck-asan.exe target to the MSVC makefile. (check-in: 0901bc02 user: drh tags: trunk)

11:56

Add the fuzzcheck-asan target to the main posix makefile. (check-in: 55e94add user: drh tags: trunk)

11:27

Fix a valgrind error and potential buffer overread when handling a corrupt database. (check-in: cb8b34fa user: drh tags: branch-3.41)

11:13

Fix a valgrind error and potential buffer overread when handling a corrupt database. (check-in: b1e0cd64 user: dan tags: trunk)

2023-03-20

20:22

Reinsert two NEVER() macros for b-tree branches that were previously needed for \[b6a82f3c3b9d89fd\] but which are now obsolete due to \[73f0036f045bf371\]. **Later:** dbsqlfuzz quickly found new cases for which those two branches are needed. The new test cases have been added to TH3. (Closed-Leaf check-in: 3065dadb user: drh tags: backout)

18:35

Minor change to btreeNext() to facilitate coverage testing. (check-in: 20b3ef04 user: drh tags: trunk)

15:50

Fix a problem causing a cursor to retain an out-of-date cell-info cache when processing a DISTINCT query on values that are identical according to their collation sequence, but different on disk. (check-in: b0281184 user: drh tags: branch-3.41)

14:59

Fix a problem causing a cursor to retain an out-of-date cell-info cache when processing a DISTINCT query on values that are identical according to their collation sequence, but different on disk. Forum post e123e6cde4. (check-in: 1b3abc1d user: dan tags: trunk)

10:43

Back out the extra margin added to the input buffer of the CLI, as it is not needed. (check-in: ac8d1e5d user: drh tags: trunk)

01:59

Fix problems with the sqlite3\_error\_offset() function and its use in the CLI. (check-in: d5cd6c88 user: drh tags: branch-3.41)

01:55

A better fix for the sqlite3\_error\_offset() problem on generated columns. (check-in: 770b3e67 user: drh tags: trunk)

00:53

Expression errors in generated columns should not generate non-negative sqlite3\_error\_offset() returns. Second of two defenses against \[33aa4c0de8a62e33\]. (check-in: 2adb4e0d user: drh tags: trunk)

00:48

When reporting errors in the CLI, ignore the output of sqlite3\_error\_offset() if the value returned is clearly out-of-range. One of two lines of defense against \[33aa4c0de8a62e33\]. (check-in: 26adbb80 user: drh tags: trunk)

2023-03-19

21:53

Increase the size of ref-count values in the pager layer to 64-bits, to avoid any reasonable possiblity of overflowing the counters. (check-in: 824611ad user: drh tags: branch-3.41)

21:48

Increase the size of ref-count values in the pager layer to 64-bits, to avoid any reasonable possiblity of overflowing the counters. There is a performance and memory penality for this. Forum post b741f15a35. (check-in: 6c5d99a8 user: drh tags: trunk)

10:30

Avoid a buffer overread in fts3 that could occur when processing a corrupt record. (check-in: 1f91fe4b user: drh tags: branch-3.41)

2023-03-18

16:12

Avoid a buffer overread in fts3 that could occur when processing a corrupt record. (check-in: 02ac2297 user: dan tags: trunk)

2023-03-17

20:31

Fix json rendering so that it shows positive and negative infinity as 9.0e+999 and -9.0e+999 respectively. (Closed-Leaf check-in: efce4690 user: drh tags: numeric-only-json)

19:18

Add the ability to name functions using one of the join keywords like CROSS FULL INNER LEFT NATURAL OUTER RIGHT. (check-in: 0910b192 user: drh tags: trunk)

19:07

Add test cases for functions named the same as join keywords. (Closed-Leaf check-in: 94944b23 user: drh tags: functions-named-left)

14:22

Fix a potential buffer overread in the recovery extension. (check-in: 78836713 user: dan tags: branch-3.41)

14:18

Fix a potential buffer overread in the recovery extension. (check-in: 0b3b5bf9 user: dan tags: trunk)

12:25

Ensure that an error does not delete the Table object out from under the xConstruct method of a virtual table. dbsqlfuzz 7cc8804a1c6d4e3d554d79096e6ea75a7c1c7d2d (check-in: c5bd0ea3 user: drh tags: branch-3.41)

10:43

Ensure that an error does not delete the Table object out from under the xConstruct method of a virtual table. dbsqlfuzz 7cc8804a1c6d4e3d554d79096e6ea75a7c1c7d2d (check-in: df4928c9 user: drh tags: trunk)

10:30

Increase the version number to 3.41.2 (check-in: 122f12f5 user: drh tags: branch-3.41)

00:42

Add safety margin on the CLI input buffer for tickets \[33aa4c0de8a62e33\], \[b97e6c5e6a91d97f\], \[2971fbe3f993e95a\], and \[2971fbe3f993e95a\]. (check-in: 741af08a user: drh tags: trunk)

00:10

Fix assert() statements that would (incorrectly) fire if an IF NOT EXISTS trigger that already exists contained two or more RETURNING clauses. (check-in: 9b43b34d user: drh tags: branch-3.41)

00:01

Fix assert() statements that would (incorrectly) fire if an IF NOT EXISTS trigger that already exists contained two or more RETURNING clauses. Tickets \[89d259d45b855a0d\] and \[d15b3a4ea901ef0d\]. (check-in: 648899e4 user: drh tags: trunk)

2023-03-16

21:05

Correctly handle SELECT DISTINCT ... ORDER BY when all of the result set terms are constant and there are more result set terms than ORDER BY terms. (check-in: 097512b6 user: drh tags: branch-3.41)

20:54

Correctly handle SELECT DISTINCT ... ORDER BY when all of the result set terms are constant and there are more result set terms than ORDER BY terms. Fix for these tickets: \[c36cdb4afd504dc1\], \[4051a7f931d9ba24\], \[d6fd512f50513ab7\]. (check-in: 12ad822d user: drh tags: trunk)

12:28

Additional debug/test output from the query invariant checker showing the row-number that is being checked. (check-in: e4b6eb58 user: drh tags: trunk)

11:50

Update the tracing output for the query-invariant checker such that it shows the SQL that is run to verify that a found query-invariant discrepency is valid. Changes to testing logic only. (check-in: 8f45ad27 user: drh tags: trunk)

10:21

Do not use the one-pass optimization on an UPDATE if there is a subquery in the WHERE clause, since if the subquery is hidden behind a short-circuit operator, the subquery might not be evaluated until after one or more rows have been updated. (check-in: b5d8a9a6 user: drh tags: branch-3.41)

10:17

Do not use the one-pass optimization on an UPDATE if there is a subquery in the WHERE clause, since if the subquery is hidden behind a short-circuit operator, the subquery might not be evaluated until after one or more rows have been updated. Fix for the problem reported by forum post 0007d1fdb1. This is the same problem that was fixed by \[73f0036f045bf371\] only for UPDATE instead of DELETE. (check-in: 2c56b984 user: drh tags: trunk)

09:16

Remove a NEVER() from btreeNext(). (check-in: 40623f5a user: drh tags: branch-3.41)

09:12

Fix a broken assert() in the recovery extension. (check-in: 048711e4 user: drh tags: branch-3.41)

09:07

Remove a NEVER() from btreeNext() that dbsqlfuzz 460aa158f9a2c41145831cc924296cde1f312b3f found could sometimes be reached. I will find a way to test that branch later. (check-in: 1dffeffe user: drh tags: trunk)

02:30

Another approach at attempting to contain the damage caused by corruption that leaves MemPage.isInit clear. Works better than the previous but is still not perfect. (Closed-Leaf check-in: ba964eb0 user: drh tags: corruption-in-btree-init)

01:20

When the btreeInitPage() routine detects database corruption, it should continue to the end and set MemPage.isInit before it returns SQLITE\_CORRUPT, because if it leaves MemPage.isInit unset, then can cause difficulty later. dbsqlfuzz 460aa158f9a2c41145831cc924296cde1f312b3f (check-in: 44e83f8b user: drh tags: corruption-in-btree-init)

2023-03-15

18:05

Disallow the one-pass optimization for DELETE if the WHERE clause contains a subquery. (check-in: 25e18318 user: drh tags: branch-3.41)

17:58

Disallow the one-pass optimization for DELETE if the WHERE clause contains a subquery. Fix for the problem reported by forum post e61252062c9d286d. This fix is more restrictive than necessary. It could be relaxed if the subquery does not involve the table that is the subject of the DELETE. (check-in: 73f0036f user: drh tags: trunk)

13:53

Fix a broken assert() in the recovery extension. (check-in: 4c4e66f2 user: dan tags: trunk)

2023-03-14

20:16

Fix Bloom filters on an expression index. (check-in: 11e0256b user: drh tags: branch-3.41)

20:08

Fix Bloom filters on an expression index. forum post 2e427099d5 and forum post d47a0e8e3a. This problem goes back to the original introduction of Bloom filters (check-in \[633bfeeea2bccdd4\]) for SQLite version 3.38.0. (check-in: c028fb66 user: drh tags: trunk)

2023-03-13

16:08

Include CLI's tip for -- in all builds. Better show optionality of its non-option arguments. (check-in: 9e2c771d user: larrybr tags: trunk)

2023-03-11

23:29

The cherry-pick merge at \[371838562a675c1b\] caused a performance regression for some queries, which is here fixed. (check-in: 6d6d95fc user: drh tags: branch-3.41)

23:21

The check-in at \[198b3e33dcfd74c7\] caused a performance regression for some queries, which is here fixed. Problem reported by forum post b405033490fa56d9. (check-in: dc9f025d user: drh tags: trunk)

12:27

Allow functions named using keywords "CROSS", "FULL", "INNER", "LEFT", "NATURAL", "OUTER", and "RIGHT". (check-in: eeac3d5e user: drh tags: functions-named-left)

00:15

CLI help to reflect no-more-options option (check-in: 30d95a12 user: larrybr tags: trunk)

2023-03-10

21:27

Fix a typo in a comment. No code changes. (check-in: 76acc075 user: drh tags: trunk)

20:54

Give CLI a no-more-options option. (--) (check-in: 08227887 user: larrybr tags: trunk)

13:36

Fix a problem with the fts5 snippet() function that shows up when snippets just 1 token in length are requested. (check-in: 96d5116d user: dan tags: trunk)

12:47

Merge the 3.41.1 patches into the bedrock branch. (check-in: 2780cc9f user: drh tags: bedrock-3.41)

12:13

Version 3.41.1 (check-in: 20399f3e user: drh tags: release, branch-3.41, version-3.41.1)

11:57

Export SQLITE\_FCNTL\_RESET\_CACHE to JS. (check-in: 6195cfc8 user: stephan tags: trunk)

00:59

Merge the branch-3.41 patches into the reuse-schema branch. (check-in: af08bd3e user: drh tags: reuse-schema-3.41)

00:21

Merge the latest 3.41 patches into a new branch called wal2-3.41. (check-in: e67bfc76 user: drh tags: wal2-3.41)

2023-03-09

22:09

Replace a lingering use of 'self' with 'globalThis' in JS code, for node compatibility. (check-in: 7e3782b5 user: stephan tags: trunk)

16:11

Reinstate some test cases accidentally removed by \[cb023fe28560ce0f\]. (check-in: 870de61f user: dan tags: trunk)

16:04

In the Bloom filter optimization, hash all strings and blobs into the same value, because we do not know if two different strings might compare equal even if they have different byte sequences, due to collating functions. Formerly, the hash of a string or blob was just its length. This could all be improved. (check-in: cc8a0ee4 user: drh tags: branch-3.41)

15:08

Fix countofview.test so that it works with SQLITE\_OMIT\_PROGRESS\_CALLBACK builds. (check-in: d55a7742 user: dan tags: branch-3.41)

15:08

Fix countofview.test so that it works with SQLITE\_OMIT\_PROGRESS\_CALLBACK builds. (check-in: 2fc7c3fc user: dan tags: trunk)

14:14

Update the version number to 3.41.1 (check-in: e4e2e647 user: drh tags: branch-3.41)

13:58

Merge count-of-view optimization fixes from trunk. But count-of-view is still off by default for this branch. (check-in: cbbe8986 user: drh tags: branch-3.41)

08:51

Experimental addition of sqlite3-node.mjs, for node.js, based on feedback from forum post ac7a94d4f77db235 and related off-list discussions. Build changes only - no code changes. (check-in: a5db97fa user: stephan tags: trunk)

01:35

Fix a possible NULL pointer dereference due to the sqlite3\_interrupt() enhancement in the 3.41.0 release. (check-in: 66d24a22 user: drh tags: branch-3.41)

2023-03-08

23:05

Fix a possible NULL pointer dereference due to the sqlite3\_interrupt() enhancement at \[bd8fa10e59f58886\]. Reported by forum post f5a2b1db87. (check-in: 84417bbd user: drh tags: trunk)

22:48

Backout the OP\_MakeRecord optimization as it does not work. (check-in: 25017312 user: drh tags: trunk)

18:05

Export the new SQLITE\_CHANGESETAPPLY\_IGNORENOOP flag to JS. (check-in: ac7359b2 user: stephan tags: trunk)

18:03

Add the SQLITE\_CHANGESETAPPLY\_IGNORENOOP flag, which may be passed to sqlite3changeset\_apply\_v2() to have it ignore changes that would be no-ops if applied to the database (e.g. deleting a row that has already been deleted), instead of considering them conflicts. (check-in: cb023fe2 user: dan tags: trunk)

17:09

Small performance improvement in the OP\_MakeRecord opcode. (check-in: ca89daef user: drh tags: trunk)

14:37

Keep the historical datatype ("INT", not "NUM") for a table created as follows: "CREATE TABLE t1 AS SELECT CAST(123 AS INT) AS value;". The use of FLEXNUM only occurs on compound queries. (check-in: dc1033af user: drh tags: branch-3.41)

14:28

Change to \[44135d6ea84f7ba6\] that retains the historical datatype ("INT", not "NUM") for a table created as follows: "CREATE TABLE t1 AS SELECT CAST(123 AS INT) AS value;". The use of FLEXNUM only occurs on compound queries. (check-in: 6d5b5896 user: drh tags: trunk)

10:05

Extend wasm build to support a custom sqlite3.c to support building against sqlite3-see.c. The JS code now binds the SEE-specific functions if it detects an SEE build. (check-in: dd8612c8 user: stephan tags: trunk)

00:47

Fix a problem in the count-of-view optimization that can lead to incorrect bytecode. dbsqlfuzz 23d782160b71c3f8f535ccb2da313dfc8eb8c631. (check-in: f4500953 user: drh tags: trunk)

00:04

Fix an assertion fault added by \[65ffee234787213c\]. (check-in: d00e68ba user: drh tags: branch-3.41)

2023-03-07

23:47

Fix a bug introduced 4 days ago by \[e95439119ac200cb\]: do not set the Expr.affExpr field of a generated column expression if the expression is a RAISE() function, as affExpr has a different meaning for RAISE. Forum post b312e075b5. (check-in: 1096b5a7 user: drh tags: trunk)

19:39

A proposed change to \[44135d6ea84f7ba6\] that retains the historical datatype ("INT", not "NUM") for a table created as follows: "CREATE TABLE t1 AS SELECT CAST(123 AS INT) AS value;". (Closed-Leaf check-in: a0e54fe2 user: drh tags: flexnum-proposed-fix)

19:23

Improve how sqlite3.initWorker1API() determines whether it's running in a Worker thread. Based on feedback in forum post ac7a94d4f77db235. (check-in: 2f712b83 user: stephan tags: trunk)

19:12

Replace use of 'self' in JS code with 'globalThis', as that works in browsers and node environments. Avoid using globalThis.location if it's not set (e.g. in node). Based on feedback in forum post ac7a94d4f77db235. Minor JS build tweaks. (check-in: dbbe8f25 user: stephan tags: trunk)

12:59

In the JS sqlite3.vfs/vtab utility APIs, use a local reference to StructBinder instead of sqlite3.StructBinder, as that object is removed from the sqlite3 namespace during the final steps of API initialization. Based on feedback from forum post d19d96183badca70. (check-in: 0d89885d user: stephan tags: trunk)

02:24

Fix a couple minor spacing issues in the MSVC makefile. (check-in: 46b3ac6d user: mistachkin tags: trunk)

2023-03-06

23:39

Repair an unintential fork. (check-in: 8b524c84 user: drh tags: trunk)

23:38

Improvements to query invariant testing such that it uses the new SQLITE\_DBCONFIG\_REVERSE\_SCANORDER opcode to sqlite3\_db\_config() to make more accurate judgements about when a query is ambiguous, and hence when query invariant testing is approprate. (check-in: be9ab292 user: drh tags: trunk)

More ↓

CVE-2019-16168: SQLite: Timeline

CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.

*   Details
*   Reviews
*   Installation
*   Development

Sell tickets and collect RSVPs with the free Event Tickets plugin, from the team behind the number one calendar in WordPress.

This plugin makes it easy to sell tickets, collect registrations, and manage attendees for your in-person or virtual events. Plus, it comes with features backed by our world-class team of developers and designers. Easily integrate Event Tickets with your Stripe account or PayPal business account.

Connect to Stripe and take advantage of one of the world’s most popular payment gateways. Our Stripe integration lets you accept credit card payments on your website, along with additional payment methods including AfterPay, ClearPay, AliPay, Giropay, and Klarna.

See more videos on our YouTube channel

Easily connect to PayPal without any complicated API keys or code through our quick connection wizard in your WordPress backend. With just a few clicks, you can begin selling tickets and enable payment through PayPal, Venmo, and credit cards.

Even more, you can upgrade to Event Tickets Plus and unlock additional payment methods including digital wallets like ApplePay and Google Pay through Stripe, or use WooCommerce to take advantage of popular payment solutions including Braintree, Square, AmazonPay, and more.

**🎟️ Ticketing and Registration for WordPress**

See Event Tickets in action on our demo site. Just getting started? Check out the Getting Started Guide for an introduction to features, settings, and functionality.

Looking for additional features like custom registration fields, QR check-in, Zoom integration, and more? **Check out Event Tickets Plus and our other add-ons**.

**🔌🎨 Plug and Play or Customize**

Event Tickets is built to work out of the box. Just install the plugin, configure your settings, and start collecting RSVPs and selling tickets in minutes.

Add your own touch by using Event Tickets as the foundation for customization. Personalize to your heart’s content with the help of a skeleton stylesheet, partial template overrides, template tags, hooks and filters, careful documentation, and a library of free extensions.

Whether your vision is big or small, you’re in good company. Thousands of small businesses, musicians, venues, restaurants, and non-profits are increasing revenue from their in-person and virtual events with Event Tickets. Our plugins have also been scaled to work on large networks for Fortune 100 companies, universities, and government institutions.

**✨ Features**

✔️ Attendees can purchase tickets to events  
✔️ Attendees can RSVP to events  
✔️ Sell tickets with PayPal and/or Stripe using our free commerce solution, Tickets Commerce.  
✔️ Add RSVPs and tickets to posts, pages, or custom post types  
✔️ Collect ticket fees by connecting your PayPal business or Stripe account  
✔️ Generate sales and attendee reports  
✔️ Ticket stock countdown  
✔️ Automatic ticket confirmation emails  
✔️ Works out of the box with The Events Calendar  
✔️ Responsive design works on all devices  
✔️ Tested on the major theme frameworks such as Avada, Genesis, Kadence, Thesis and many more.  
✔️ Internationalized & translated  
✔️ Extensive template tags for customization  
✔️ Hooks & filters galore  
✔️ Library of extensions

Upgrade to Event Tickets Plus for full WooCommerce integration to use additional payment gateways.

**📃 Documentation**

All of our documentation can be found in our knowledgebase.

Additional helpful links:

*   Guide: Getting Started with Event Tickets
*   Installing Event Tickets Video
*   Using Tickets Commerce Video
*   Do I need Event Tickets or Event Tickets Plus?
*   How to Make Money with Virtual Events
*   Implementing Stripe on Event Tickets and Event Tickets Plus

If you have any questions about this plugin, you can post a thread in the WordPress.org forum. Please search existing threads before starting a new on

**➕ Add-Ons**

Take your calendar to the next level by pairing it with our plugins for ticketing, crowdsourcing, email marketing, and more. Learn more about all our products on our website.  
Our Free Plugins:  
📅 The Events Calendar  
📐 Advanced Post Manager

Our Premium Plugins and Services:

⚡ Events Calendar Pro  
↪️ Event Aggregator (service)  
🎟️ Event Tickets Plus  
✉️ Promoter  
👥 Community Events  
🎟️ Community Tickets  
✏️ Filter Bar  
🗓️ Eventbrite Tickets  
📡 Virtual Events

**Help**

If you aren’t familiar with Event Tickets, check out our Getting Started Guide. It will have you creating tickets in no time.

Ready to dig deeper? Check out these resources:

*   Tutorials
*   Known Issues
*   Help Videos
*   Release Notes

We check in on the Event Tickets forum here on WordPress.org about once a week to help users with basic troubleshooting and identifying bugs. If you’re looking for premium, personalized support, consider upgrading to Event Tickets Plus.

Still have a question? Shoot us an email at support@theeventscalendar.com.

**Translate**

Event Tickets is translated into multiple languages, including German, Danish, and Dutch. Help localize Event Tickets even further by adding your locale – visit translate.wordpress.org.

1.  From the dashboard of your site, navigate to Plugins –> Add New.
2.  Select the Upload option and hit “Choose File.”
3.  When the popup appears select the event-tickets.x.x.zip file from your desktop. (The ‘x.x’ will change depending on the current version number).
4.  Follow the on-screen instructions and wait as the upload completes.
5.  When it’s finished, activate the plugin via the prompt. A message will show confirming activation was successful.
6.  For access to new updates, make sure you have added your valid License Key under Tickets –> Settings –> Licenses.

**Are there any troubleshooting steps I should try before I post a new thread in the support forum?**

First, make sure that you’re running the latest version of Event Tickets. If you’ve got any other add-ons, make sure those are current and running the latest code as well. Also be sure to check our knowledgebase.

The most common issues we see are either plugin or theme conflicts. You can test if a plugin or theme is conflicting by manually deactivating other plugins until just Event Tickets is running on your site. If the issue persists, revert to the default Twenty Twenty theme. If the issue is resolved after deactivating a specific plugin or your theme, you’ll know that is the source of the conflict.

Note that we aren’t going to say “tough luck” if you identify a plugin/theme conflict. While we can’t guarantee 100% integration with any plugin or theme out there, we will do our best (and reach out the plugin/theme author as needed) to figure out a solution that benefits everyone.

**I’m still stuck. Where do I go to file a bug or ask a question?**

Free plugin users can post in the Event Tickets support forum on WordPress.org. Our team reviews that forum weekly to look for bug reports.

If you’re already an Event Tickets Plus subscriber, you’re entitled to our actively-monitored Premium Support on our website. Generally, except in times of increased support loads, we reply to all premium support tickets within 24 hours during the business week.

**What’s the difference between Event Tickets and Events Tickets Plus?**

Event Tickets is our free ticketing plugin that has all the basics you need to sell tickets and collect RSVPs on your website. You can use Event Tickets with or without The Events Calendar.

Event Tickets Plus is a premium plugin that runs alongside Event Tickets and enhances it with extra features, including custom registration fields, shortcodes, WooCommerce integration, enhanced Stripe functionality for Stripe for Tickets Commerce, our mobile ticketing app and more.

Read more to learn which plugin is right for you.

**Do I need The Events Calendar to run Event Tickets?**

Nope! Event Tickets works with or without The Events Calendar. Even if you don’t have The Events Calendar, you can create RSVPs and tickets on WordPress pages and posts.

**Can I email attendees using Event Tickets?**

Yes. Event Tickets automatically sends an email confirmation after attendees register or RSVP for an event. If the attendee purchases a ticket, the confirmation email will also provide a ticket to scan at the door for admission.

**What add-ons are available for Event Tickets, and where can I read more about them?**

The following add-ons are available for The Events Calendar:

*   Events Calendar Pro, for adding premium calendar features like recurring events, advanced views, cool widgets, shortcodes, additional fields, and more!
*   Event Aggregator, a service that effortlessly fills your calendar with events from Meetup, Google Calendar, iCalendar, Eventbrite, CSV, and ICS.
*   Virtual Events, which optimizes your calendar for virtual events including Zoom integration, video and livestream embeds, SEO optimization for online events and more.
*   Event Tickets Plus, which allows you to sell tickets for your events using your favorite e-commerce platform.
*   Promoter, automated email communication made just for The Events Calendar and Event Tickets. Stay in touch with your attendees every step of the way.
*   Community Events, for allowing frontend event submission from your readers.
*   Community Tickets, which allows event organizers to sell tickets to the events they submit via Community Events.
*   Filter Bar, for adding advanced frontend filtering capabilities to your events calendar.
*   Eventbrite Tickets, for selling tickets to your event directly through Eventbrite.

**I have a feature idea. What’s the best way to tell you about it?**

We’ve got a LoopedIn page where we’re actively watching for feature ideas from the community. Vote up existing feature requests or add your own, and help us shape the future of the products business in a way that best meets the community’s needs.

**I’ve still got questions. Where can I find answers?**

Check out our extensive knowledgebase for articles on using, tweaking, and troubleshooting our plugins.

Both my client and myself are very disappointed with the modernization process of TEC + Tickets Pro to the Block Editor. Every step has been painful for over 6 months. We’ll be replacing this with a competing plugin.

Email support was good. Apart from referring to the manuals, as they should, they still investigated further and gave us a solution for our problem. Well done!

So many bug when it comes to payment and support is so so so slow. I am losing sales because to this. Using Stripe: Apple pay freezes No Way to turn off Apple Pay, turning it off doesnt save Can't validate webhook Support keeps asking me to create a staging to test, sure, but they take a week to reply. Some support staff even told me they have no experience with apple pay and it is not their feature, i mean...come on...its right there in your setting

Followed the documentation, but cannot get Stripe to validate webhook. Read other support threads and have confirmed that everything is in order as per the documentation. I was testing out the plugin, but given the time wasted, there is no way I will continue to use it to sell tickets if the free version which includes a 2% fee doesn't work, why would I bother upgrading to the premium version. Seem to much of a risk. Also, looking at people comments, it seems support is slow (they are constantly away from the office/out of the office. Look at other plugins out there.

Constant issues. Nearly impossible to make work. Stops working for no apparent reason. I make websites, used probably hundreds of different plugins over the years. This is in the top 5 worst. There is an easy/user friendly way to do things. This plugin does the opposite in nearly every avenue.

Despite having over 18 months of warning from EDD that their plugin needed updating, they have failed to make any progress whatsoever. They use incompatible, depreciated methods which means tickets sold do not have the attendees details saved, just the purchaser. If I could give this negative stars, I would.

Read all 130 reviews

“Event Tickets and Registration” is open source software. The following people have contributed to this plugin.

Contributors

**\[5.5.8\] 2023-02-22**

*   Version – Event Tickets 5.5.8 is only compatible with The Events Calendar 6.0.10 and higher.
*   Version – Event Tickets 5.5.8 is only compatible with Event Tickets Plus 5.6.7 and higher.
*   Tweak – PHP version compatibility bumped to PHP 7.4
*   Tweak – Version Composer updated to 2
*   Tweak – Version Node updated to 18.13.0
*   Tweak – Version NPM update to 8.19.3
*   Tweak – Reduce JavaScript bundle sizes for Blocks editor

**\[5.5.7\] 2023-02-09**

*   Enhancement – Added currency format options to alter currency decimal separator, thousand separator, and number of decimal places. \[ET-1608\]
*   Tweak – Updated Currency options in Tickets Commerce settings for Croatian users from Kuna (HRK) to Euro (EUR). \[ET-1625\]
*   Tweak – Updated Attendee Registration Fields upsell notice to only display in admin dashboard. \[CT-67\]
*   Fix – Resolve provisional IDs properly on the event edit screen for ticket management actions. \[ET-1632\]
*   Fix – Fixed Ticket Commerce cart cookies not getting saved. \[ET-1629\]
*   Language – 28 new strings added, 189 updated, 5 fuzzied, and 3 obsoleted

**\[5.5.6\] 2023-01-16**

*   Tweak – Updated the settings description for stock handling options. \[ET-1603\]
*   Tweak – Added the tribe-tickets__tickets-item--shared-capacity wrapper class for tickets having shared capacity. \[ETP-841\]
*   Tweak – Added a dashboard notice for sites running PHP versions lower than 7.4 to alert them that the minimum version of PHP is changing to 7.4 in February 2023.
*   Enhancement – Added search capabilities to the Tickets Commerce Orders report page. \[ET-1259\]
*   Fix – Allow loading attendance page with event_id params that use The Events Calendar provisional IDs. \[ET-1624\]
*   Language – 4 new strings added, 43 updated, 0 fuzzied, and 2 obsoleted

**\[5.5.5\] 2022-12-08**

*   Fix – Remove need for Platform Controls to verify webhook signatures in Stripe. \[ET-1508\]
*   Fix – Fixed the order of tickets in an event changing when you haven’t manually requested it. \[ET-1568\]
*   Fix – Fixed shared capacity tickets only showing the lowest capacity between the shared pool tickets. \[ETP-815\]
*   Tweak – Removed locale param for Tickets Commerce JS SDK as per PayPal recommendation. \[ET-1615\]
*   Language – 110 new strings added, 193 updated, 5 fuzzied, and 24 obsoleted

**\[5.5.4\] 2022-11-09**

*   Fix – Fixes multiple of the same ticket form being on the same page being out of sync. \[GTRIA-729\]
*   Fix – Added a JS event that checks for attendee label validation if ET+ is active. \[ETP-803\]

**\[5.5.3\] 2022-10-31**

*   Fix – Orderby param not working for Attendee archive REST API. \[ET-1591\]
*   Fix – Properly save the check-in details for attendees on check-in. \[ETP-819\]
*   Fix – TicketsCommerce ticketed events not showing up for Events REST API. \[ET-1567\]
*   Fix – Update version of Firebase/JWT in Common from 5.x to 6.3.0
*   Enhancement – Added support for name and email param for searching in Attendee archive REST API. \[ET-1591\]
*   Enhancement – Add template tag to properly check if The Events Calendar is active. \[ETP-820\]
*   Enhancement – Add attendance information to the events REST API endpoint. \[ET-1580\]
*   Enhancement – Add check_in argument support for attendees REST API endpoint. \[ET-1588\]
*   Language – 0 new strings added, 18 updated, 0 fuzzied, and 0 obsoleted

**\[5.5.2\] 2022-10-20**

*   Fix – Update version of Firebase/JWT in Common from 5.x to 6.3.0

**\[5.5.1\] 2022-09-22**

*   Fix – Listing tickets is no longer limited by the global settings. \[ET-1584\]
*   Fix – Correct parameter type hinting when param can be null. \[ET-1582\]
*   Fix – Showing Checkout not available and credit card fields at the same time for PayPal gateway in TicketsCommerce. \[ETP-812\]
*   Language – 0 new strings added, 1 updated, 0 fuzzied, and 0 obsoleted

**\[5.5.0\] 2022-09-06**

*   Version – Event Tickets 5.5.0 is only compatible with The Events Calendar 6.0.0 and higher.
*   Version – Event Tickets 5.5.0 is only compatible with Event Tickets Plus 5.6.0 and higher.
*   Enhancement – Adds a compatibility layer to work with the new Recurrence Backend Engine in TEC/ECP.
*   Language – 4 new strings added, 49 updated, 0 fuzzied, and 3 obsoleted

See changelog for all versions

CVE-2019-16120: Event Tickets and Registration

xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).

CVE-2016-10894: #830726 - xtrlock: CVE-2016-10894: xtrlock does not block multitouch events

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.

CVE-2019-5448: notes/Yarn-vuln.md at master · ChALkeR/notes

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.

**New Version (coming soon)**  
_Now in 2019, we release new version multiple times a week and sometimes even multiple times per day._

**Version 0.9.8.651 – 0.9.8.747 (released 21/05/2018-09/12/2018 )**

Security  
– **\[New Feature\]** Implementation of anti XSS token for the GUI

New WebServers  
– **\[New Feature\]** Define per domain webservers, now you can use different webservers per domain  
– **\[New Feature\]** prepared for AI-Robot so Artificial Intelligence can take over the control on it  
– **\[New Feature\]** Define global default server vhost templates for apache/nginx/varnish/php-fpm  
– **\[New Feature\]** Define per domain vhost templates for apache/nginx/varnish/php-fpm  
– **\[New Feature\]** Error detection in vhost build for apache/nginx/varnish/php-fpm  
– **\[UPDATE\]** latest versions of the webservers apache/nginx/varnish  
– **\[UPDATE\]** AutoSSL: more stable domain validation check

New Varnish  
– **\[New Feature\]** Varnish makes your site look like static html, it doesn’t need to run php-cgi/php-fpm for each request.  
– **\[New Feature\]** Website continues to work as cached even if apache is down  
– **\[New Feature\]** more advanced templates with better cache in memory  
– **\[New Feature\]** per domain templates and configs which you can modify and build your own  
– **\[New Feature\]** it can run now as a cache server in front of Tomcat,nodejs,ruby…

AI-Robot (Artificial Intelligence for cwp)  
Artificial intelligence integration, we have integrated “AI-Robot” artificial intelligence system which has started to learn system issues and soon it will be able to handle errors and automatically recover the system services.

PHP/PHP-FPM  
– **\[New Feature\]** PHP-FPM default setup with cache and with fastest unix sockets  
– **\[New Feature\]** PHP Pecl Manager for all PHP builders  
– **\[New Feature\]** PHP-FPM Selector with many custom options (automatic install of dependencies)  
– **\[New Feature\]** Predefined vhost templates for better performances  
– **\[New Feature\]** Custom templates for php-fpm, you can use custom per domain  
– **\[UPDATE\]** latest versions of the PHP  
– **\[UPDATE\]** New PHP 7.3.0, please use only for beta testing  
– **\[UPDATE\]** for all php builders automatic detection if build is already running  
– **\[UPDATE\]** PHP Selector with many versions and options (automatic install of dependencies)

Other Modules  
– **\[New Feature\]** New DNS Zone Editor with error detection and now much more advanced  
– **\[New Feature\]** New Mod Security Manager  
– **\[New Feature\]** Automatic update manager for 3rdParty scripts like, roundcube, phpmyadmin…  
– **\[New Feature\]** User notifications  
– **\[UPDATE\]** Improved cwp to cwp migration tool, we are still working on it to make it even better  
– **\[UPDATE\]** MySQL Manager: edit user password

**User Panel \[New Design\]**  
– **\[SECURITY\]** Implementation of anti XSS token for the GUI  
– **\[New Feature\]** New Advanced File Manager  
– **\[New Feature\]** New Modern Design  
– **\[New Feature\]** Search integration for menu and icons  
– **\[New Feature\]** Sound alerts  
– **\[New Feature\]** Pagination for all modules  
– **\[New Feature\]** Advanced editor integration for php.ini  
– **\[UPDATE\]** Cron Manager error detection  
\* We have also fixed many other reported bugs

**Version 0.9.8.448 – 0.9.8.651 (released 08/02/2018-21/05/2018)**  
– **\[New Feature\]** cgroups for centos 7 (limit resource per user, eg. set cpu limit to 50%)  
– **\[New Feature\]** Main left menu search option  
– **\[New Feature\]** Manage User crons from the admin panel  
– **\[New Feature\]** New Notifications handler with email alerts  
– **\[New Feature\]** New Ulimits Module -Show all user processes and limits (good for debugging)  
– **\[New Feature\]** Monit Monitoring (advanced tool for monitoring server services and resources)  
– **\[New Feature\]** MySQL Manager now has security and optimization tests integrated  
– **\[New Feature\]** Security Tools – Maldet Scan – Scan websites for malware  
– **\[New Feature\]** Security Tools – RKHunter Scan – Scan server for rootkits, backdoors  
– **\[New Feature\]** Security Tools – Lynis Scan – Scan server for system hardening  
– **\[New Feature\]** Security Tools – Symlink scan – Scan user accounts for symlinks  
– **\[UPDATE\]** New SSL Manager with additional auto-download for chain certificates  
– **\[UPDATE\]** Latest PHP versions (used in switcher/selector)  
– **\[UPDATE\]** Apache latest version rpm + rebuilder/compiler  
– **\[UPDATE\]** New Security checks in the Security Advisor via new notifications  
– **\[BUGFIX\]** Fixed all reported bugs with the cpanel account migration  
– **\[BUGFIX\]** Fixed bugs in the account transfer tool  
– **\[BUGFIX\]** Fixed bugs in the Mail server manager related to rebuild  
– **\[BUGFIX\]** Fixed bugs with API

**User Panel \[\]**  
– **\[SECURITY\]** Big security update for user panel, many issues have been resolved  
– **\[New Feature\]** AutoSSL- Install/remove Free SSL from the user panel  
– **\[UPDATE\]** Improved DNS zone editor

\* We have also fixed many other reported bugs

**Version 0.9.8.359 – 0.9.8.448** (released 29/09/2017-07/02/2018)  
– **\[UPDATE\]** PHP 7.2  
– **\[UPDATE\]** New admin panel design upgrade  
– **\[New Feature\]** Theme manager for User Panel  
– **\[New Feature\]** Language manager for User Panel  
– **\[New Feature\]** New cPanel migration tool running in background  
– **\[New Feature\]** New CWP to CWP migration tool  
– **\[New Feature\]** New Advanced Backup Manager  
– **\[New Feature\]** New Advanced API Manager with permissions

**New user Panel** (demo)  
– **\[New Feature\]** All new, too many things to have them listed here, you simply need to check it!  
Fixed many many other reported bugs

**Version 0.9.8.334 – 0.9.8.359** (released 26/06-29/09/2017)  
– **\[UPDATE\]** Added Apache 2.4.26, 2.4.27  
– **\[UPDATE\]** PHP 5.6.31, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.1.6, 7.1.7, 7.1.9, 7.1.10  
– **\[UPDATE\]** PHP selector delete unwanted php version with single click  
– **\[UPDATE\]** AutoSSL: manualy start and force auto renewal  
– **\[New Feature\]** Included manager for new user panel compatibility

– **\[BUGFIX\]** IonCube installer fixed issue with php 7.0 & 7.1  
– **\[BUGFIX\]** Zendguard loader5.5, 5.6 improved installer  
– **\[BUGFIX\]** AutoSSL reported bugs fixed  
– **\[BUGFIX\]** Improved security  
Fixed many other reported bugs

**Version 0.9.8.315 – 0.9.8.333** (released 28/04-25/06/2017)  
– **\[UPDATE\]** detailed cleanup of removed accounts  
– **\[UPDATE\]** yum manager improvement  
– **\[UPDATE\]** New PHP versions added 7.0.20 and 7.1.5  
– **\[UPDATE\]** php selector new versions of php  
– **\[UPDATE\]** apache 2.4.26 (has security updates)  
– **\[New Feature\]** new ftp manager for admin  
– **\[New Feature\]** bandwidth monitor (incoming/outgoing for all interfaces)

– **\[BUGFIX\]** php switcher bug fix  
– **\[BUGFIX\]** autossl bugfix  
– **\[BUGFIX\]** mod security installer bug fix  
– **\[BUGFIX\]** vhost rebuild bug fix  
– **\[BUGFIX\]** mail queue module bug fix  
– **\[BUGFIX\]** mail explorer module bug fix  
Fixed many other reported bugs

**Version 0.9.8.291 – 0.9.8.314** (released 23/03-28/04/2017)  
– **\[UPDATE\]** New PHP versions added 7.0.18 and 7.1.4  
– **\[UPDATE\]** Improved SSL Manager (fixed autoSSL bugs)  
– **\[UPDATE\]** Improved backups (now weekly and monthly use hard links and can reduce total backup size up to 65%)  
– **\[New Feature\]** Ajax disk usage checker (check your disk space usage per folder)  
– **\[New Feature\]** New Varnish configuration editor  
– **\[New CWPpro\]** Yum Package and Repository Manager  
– **\[SECURITY\]** SECURITY BUG FIXED  
Prevention of Cross-site Scripting (XSS) Attack ​by Esmaeil Rahimian (Security Research from SecureHost) Rahimian@securehost.co  
Fixed many other reported bugs

**Version 0.9.8.266 – 0.9.8.290** (released 01-22/03/2017)  
– **\[BUGFIX\]** ioncube update scripts  
– **\[BUGFIX\]** sysstat graph errors  
– **\[BUGFIX\]** PHP Selector fixed php 7  
– **\[BUGFIX\]** Advanced File Manager bugs  
– **\[BUGFIX\]** Mail Server rebuild  
– **\[BUGFIX\]** SSL redirection for cwp services  
– **\[BUGFIX\]** Fixed security advisor multiple messages  
– **\[UPDATE\]** Php Switcher new additional modules and new php versions  
– **\[UPDATE\]** PHP Selector update of all php versions and added php 7.0, 7.1  
– **\[UPDATE\]** SSL Cert Manager now with more detailed info from the certificate files  
– **\[New Feature\]** AutoSSL option when creating new account, domain or subdomain from admin panel  
– **\[New Feature\]** AutoSSL for Hostname  
– **\[New Feature\]** Nice and Fast Ajax upgrade for list accounts, domains and subdomains.  
– **\[New Feature\]** New Varnish configuration editor  
– **\[CWPpro\]** Yum, number of available packages upgrades at login into cwp

**Version 0.9.8.250 – 0.9.8.265** (released 21-28/02/2017)  
– **\[New Feature\]** Sysstat graphs  
– **\[UPDATE\]** Higher grade for apache SSL  
– **\[UPDATE\]** PHP Switcher\_v2 Configuration Upgrade and Bugs Fixed  
– **\[BUGFIX\]** File Manager bug fixed, and few smaller bug in the gui

**Version 0.9.8.248 – 0.9.8.249** (released 21/02/2017)  
– **\[UPDATE\]** PHP Switcher added extensions: intl, pspell, tidy, wddx  
– **\[BUGFIX\]** Fixed several bugs

**Version 0.9.8.240 – 0.9.8.247** (released 17/02/2017)  
– **\[New Feature\]** NEW friendly PHP Version Switcher with many addons and more to come…  
– **\[UPDATE\]** Update of PHP versions: 7.1.2, 7.0.16, 5.6.30  
– **\[Old Removed\]** Old PHP Version Switcher removed from the left menu but still exists.  
– **\[BUGFIX\]** Fixed several bugs

**Version 0.9.8.239** (released 13/02/2017)  
– **\[BUGFIX\]** Fixed bug with softaculous remove mysql user.

**Version 0.9.8.237 & 0.9.8.238** (released 11/02/2017)  
– **\[New Feature\]** LiteSpeed Enterprise integration with CWP

**13/02/2017**  
…we were working very hard to make CWP work with CentOS 7 so we have done many changes are unfortunately there is no any info what was done before in which version.

CVE-2019-13385: ChangeLog for CentOS 7 | Control Web Panel

The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request.

  
-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

Advisory ID: SYSS-2019-024  
Product: FANUC Robotics Virtual Robot Controller  
Manufacturer: FANUC Robotics America, Inc.  
Affected Version(s): V8.23  
Tested Version(s): V8.23  
Vulnerability Type: Stack-based Buffer Overflow (CWE-121)   
Risk Level: High  
Solution Status: Open  
Manufacturer Notification: 2019-05-22  
Solution Date: ?  
Public Disclosure: 2019-07-15  
CVE Reference: CVE-2019-13585  
Author of Advisory: Sebastian Hamann, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

FANUC Robotics Virtual Robot Controller is an application for  
programming simulated industry robots.

Due to a stack-based buffer overflow, the remote admin web server  
(vrimserve.exe) is vulnerable to denial-of-service and remote code  
execution attacks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

vrimserve.exe offers an HTTP service on TCP port 8090, which can be used  
to control virtual robots and view their log files.

A buffer overflow vulnerability was discovered in the log viewer  
functionality. By sending a specially crafted HTTP request to the HTTP  
server, the application can be crashed causing a denial-of-service  
condition.

Remote code execution may also be possible, but was not confirmed  
by SySS GmbH. Gaining control over the instruction pointer (EIP) of this  
32 bit application by exploiting the stack-based buffer overflow  
vulnerability was successful.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

SySS GmbH developed a proof-of-concept exploit that crashes  
vrimserve.exe. It is to note that the exploit gives control over the EIP  
register, which is an important prerequisite for remote code execution.

curl "http://${target_host}:8090/namedrobots/folder/dir/<1268 bytes>BBBBCCCCCCCCC"

The bytes denoted as B overwrite the EIP register.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The vendor has not yet released a security update.

It is recommended not making the remote admin web server (vrimserve.exe)  
available to untrusted networks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2019-04-23: Vulnerability discovered  
2019-05-22: Vulnerability reported to manufacturer  
2019-07-15: Public release of SySS security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Manufacturer website:  
    https://www.fanucamerica.com/  
[2] SySS Security Advisory SYSS-2019-024  
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-024.txt  
[3] SySS Responsible Disclosure Policy  
    https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Sebastian Hamann of SySS GmbH.

E-Mail: sebastian.hamann@syss.de  
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Sebastian_Hamann.asc  
Key ID: 0x9CE0E440429D8B96  
Key Fingerprint: F643 DF21 62C4 7C53 7DB2 8BA1 9CE0 E440 429D 8B96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"   
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS Web  
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE9kPfIWLEfFN9souhnODkQEKdi5YFAl0snAwACgkQnODkQEKd  
i5ZIqw//bdjzLHzqTtVHEnqFDORa1xmD9478c/57WBKW+kVH/NMupv5CwjsFEJvq  
hhY/Ju1Yl+m0kz3R+orHKgUw6VTdfAiogOS/OIW+8yozUQ1lPRDhKcKe/Ai2X2kj  
/A/y8mgR43AX2ddcf6tr5XeOeJHgzK3Up8y0fbkvRPQ7aszzWRYCQr4CmXtSsaAf  
qxg5fzBwzVEHhDni/tBe6bCqBmV9r+4yi0L2BGV+Cxo08gbsLkAiIhUHJnLG1GbM  
mKYFk7v+8JecXEIu12ZiH8Zofn9p2ePeQw/u64VsuUJ+dCJMlyLeAOgXpQiIIt8z  
dNj5MS6w37b+4Dc/C7mlfDb9GPGGMyhyK5+TX8KT5LG1MVOyYocnbrD23xSRNSAi  
8HhLszTyXcXwkKhsRWelvrEcxaiIsm5y0/4X2gJ/PeTkZNlOPgyD3xv7bth3jUYK  
Bcb7NSgp+5FZcaG/moT1W5zL7WFj9wnFd2w4glIPVDUtgy5FQM0cdnGNr1KNvqZB  
Esn3Tylbmzt7uQKuT/pZOFk1QQ8VoSnPmyWB6tyBFhTCZxfR+V+MKTIPrCFjrvpQ  
D/XDcAT5gqZQHPVK3FI6T8TqF2wS5xoHfNJcPdh6r52puREImY509sze6VWUfzpp  
3hfYCusmlwJye9+cbllFCiLNegSNCDBS+nDrRCCXd3QaoOYjls4=  
=hm7Q  
-----END PGP SIGNATURE-----

CVE-2019-13585: FANUC Robotics Virtual Robot Controller 8.23 Buffer Overflow ≈ Packet Storm

A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.

CVE-2019-5447

Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying an URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows an attacker to decrypt an arbitrary message when the GnuPG backend is used in Mailvelope.

CVE-2019-9149: mailvelope/Changelog.md at master · mailvelope/mailvelope

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

Tag

#nodejs