Plugin Contributor
Brian
(@brianjessee)
Hello
Thanks SO much for bringing this up!
The good news is that there is no malware. You are totally fine.
The bad news is that it looks like we errantly included some of the files we use in development in the final release and need to remove them and repackage the plugin.
In the meantime, will you please revert back to 3.12.2? You can snag a copy of that here on this site by logging int and heading to My Account > Downloads.
I’m so sorry for the trouble here but am thankful you brought it up early so we can fix it ASAP.
Also since you are a Pro Customer we will respond to you quicker by posting in the commercial support forums here:
https://theeventscalendar.com/support/forums/
You’re welcome.
Here on WordPess.org? If so, i can’t find My Account>Downloads.
Lisa
Plugin Contributor
Brian
(@brianjessee)
Hi,
Nope on theeventscalendar.com
That is the only place you can get Pro.
We did release Pro 3.12.4 to fix this issue as well.
The Events Calendar, regardless of version, is triggering a malware threat on sophos.com: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~HTMLGen-A.aspx Sophos has flagged all versions of the plugin, because it only sees the “the-events-calendar” and not the version number. Sophos is also flagging any styling with “tribe-events” in the CSS.
When will Modern Tribe release a clean version of the non-pro plugin and get the tool off the threat list?
Howdy DXMATZ,
There are no known security vulnerabilities in our plugin. We have on extremely rare occasion found one or tow in the past, or had them reported to us, and they were promptly addressed. Sometimes even within 24 hours a patch was released. If you are aware of any vulnerability please privately disclose it to us and we will take prompt action.
Cheers!
– Brook
