Thank you @caordawebsol for updating us we are currently working with patchstack to get a full report on this issue and get this resolved for everyone that is using EventON and EventON Lite 🙂
@ashanjay I completely understand that this is not going to be an easy fix. My client loves your plugin and considers it a ‘must have’. At the same time maintaining client sites for security is my role, and therefore I am quite concerned. The the security warning is now 14 days old, although I don’t have any indication you were informed promptly at that time. Do you have any news or timeline to share with us?
Thank you
Hello friends. We just finally got the full report from patchstack. It is a vulnerability related to system log flush. The proper validations were added in versino 4.9.9 for EventON.
They have also updated the version number here https://patchstack.com/database/wordpress/plugin/eventon/vulnerability/wordpress-eventon-plugin-4-9-9-broken-access-control-vulnerability
We will push forward with 4.9.10 soon to flush out these notice issues. Please allow us couple of days to get this out.
Greatly appreciate your patience and understanding!
