Latest releases

Security: Authenticated (Contributor+) Stored Cross-Site Scripting, reported by Peter Thaleikis

Security: Sanitize GPS coordinates, fixes Cross Site Scripting, reported by preo

Security: Fix Cross Site Scripting, reported by Peter Thaleikis

Security: Fix vulnerability to XSS in shortcode Ensure that date is well formated in shortcode

Security: Fix vulnerability to local file inclusion

Fixed a bug that display html as string in event calendar blocks Fixed javascript warning in event map block

Security: Fix authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Uses bulk_edit_posts hook, fixes lack of verification in bulk edit Escape some outputs Fix missing jQuery dependency in timeline-block Misc: De-index not existing "Event-post front" and "Event-post admin" blocks Add main global EventPost object for JS variables Allows to skip deprecation error Adds instructions for translators Limit number of tags in plugin README Now requires WordPress 6.3

Fix quick edit fields

Fix call of Wp_Query in EventPost\Children Fix display of hours in timepicker for AM/PM format Fix saving of timeline schemas settings Use wp_json_encode instead of json_encode Use rawurlencode instead of urlencode Adds instructions for translators

Fix doing_it_wrong calls in legacy widgets Escape HTML & outputs

Security: Fixes XSS vuln in event metadata (https://patchstack.com/database/report-preview/8edeb59a-59e6-42aa-8ed4-5f79cdedf820) Features: Adds "Completed" event status Misc: Refactor source of blocks with wordpress-scripts Improves WordPress's PHPCS compliance Fix deprecated gmt_offset Mark legacy widgets as deprecated Fix warnings in PHP8+

Fix December month on native datepicker