Reported vulnerability - Patch availible?

[RastaRevolution-ai]

Hello everyone,
I am currently using WordPress version 6.9.
Get a message from a security tool that there is a security vulnerability for the Event Organizer plug-in.
See also: https://patchstack.com/database/wordpress/plugin/event-organiser/vulnerability/wordpress-event-organiser-plugin-3-12-8-broken-access-control-vulnerability

The plug-in used is version 3.12.8. Will there be an update to close the vulnerability?

[christianwach]

@RastaRevolution-ai I wouldn't hold your breath for an update. Stephen seems to be busy with other things 🤷

FYI there are 2 issues flagged:

1. Possibly unauthorised access to lists of Venues in this AJAX callback
2. Possibly unexpected changes to a logged-in User's 24/12 hour setting in this AJAX callback

Neither is harmful unless your site keeps its Venues secret (unlikely) or your Users' 24/12 hour setting is particularly sensitive (highly doubtful).