Security Issue – Latest version creating WordPress Users for event attendees

  • Resolved markd33

    (@markd33)


    4 years ago

    The latest version of your plugin 5.1 is creating WordPress subscribers for folks that are signing up as attendees for events. Prior to this version it never happened. We have user registration disabled and it’s creating them anyway.

    While it’s not technically a security vulnerability to have “subscribers” in WordPress. This plugin should not create any users in the WordPress system if not specifically allowed. Or if it’s an intended feature, there should be a way to disable it.

    If there’s an official recommendation to prevent this functionality, we haven’t found it.

Viewing 2 replies - 1 through 2 (of 2 total)
  • jeremy80

    (@jeremy80)

    Hello,

    Just wanted to let you know that a new maintenance release is out, including a fix for the issue that you were experiencing.

    Find out more about this release → https://theeventscalendar.com/release-notes/event-tickets/event-tickets-5-1-1/

    Please try updating and let us know if you are experiencing any further issues. As always, we recommend running updates on your staging site before doing so on your live site, just to be on the safe side.

    Thanks again for your patience while we worked on getting this fixed!

    Cheers,
    Jeremy

    Thread Starter markd33

    (@markd33)

    Confirmed, and thank you for the quick update.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security Issue – Latest version creating WordPress Users for event attendees’ is closed to new replies.