- by Bastien HoFix geocoding with Nominatim: use HTTPS, add User-agent and referer for API calls Add explicit Nominatim attribution in geocoding tool Fix XSS vulnerability when the HTML tag in event_type was forced, reported by Muhammad Yudha – DJ
- by Bastien HoFix broken HTML for container_schema
- by Bastien HoSecurity: Fix XSS vulnerability in events_list shortcode for item_schema and container_schema attributes, reported by Peter Thaleikis Update dependencies
- by Bastien HoEnsure script is loaded in shortcode context Fix "undefined" price in map
- by Bastien HoAdd support for organization / remote offer in rich event data Manage multiple maps on single page Security: Escape attributes in custom boxes Fix too much escaped HTML in eventpost/details block Fix missing script for single map link Disambiguate event_category class Remove deprecated FILTER_SANITIZE_STRING Moves Weather to EventPost namespace Re-order hooks, fix warnings
- by Bastien Hofix save_bulkdatas(): Add nonce verification for security, reported by Francesco Carlucci fix ltrim() Passing null to parameter 1, reported by ov3rfly
- by Bastien HoSecurity: Authenticated (Contributor+) Stored Cross-Site Scripting, reported by Peter Thaleikis
- by Bastien HoSecurity: Sanitize GPS coordinates, fixes Cross Site Scripting, reported by preo
- by Bastien HoSecurity: Fix Cross Site Scripting, reported by Peter Thaleikis
- by Bastien HoSecurity: Fix vulnerability to XSS inshortcode Ensure that date is well formated in
A calendar of events 2025OctS M T W T F S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 shortcodeA calendar of events 2025OctS M T W T F S 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 - by Bastien HoSecurity: Fix vulnerability to local file inclusion
- by Bastien HoFixed a bug that display html as string in event calendar blocks Fixed javascript warning in event map block