Update to version 2.10.1 with critical security fixes

This release addresses a security vulnerability (CVE-2025-1702) and includes several bugfixes, such as honeypot script handling and activation link behavior. Users must flush cached assets (JS/CSS) after upgrading to ensure proper functionality. Upgrade immediately for improved security and stability.

.wordpress-org/blueprints/blueprint.json

@@ -15,7 +15,7 @@
             "step": "installPlugin",
             "pluginZipFile": {
                 "resource": "url",
-                "url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.0.zip"
+                "url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.1.zip"
             },
             "options": {
                 "activate": true

README.md

@@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version
 
 ### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
 
-[Official Release Version: 2.10.0](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.0).
+[Official Release Version: 2.10.1](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.1).
 
 ## Changelog
 

changelog.txt

@@ -1,5 +1,15 @@
 == Changelog ==
 
+= 2.10.1 March 03, 2025 =
+
+* Bugfixes:
+
+  - Fixed: Security issue CVE ID: CVE-2025-1702.
+  - Fixed: Activation link redirects to Reset Password after registration without password field and required email activation.
+  - Fixed: Honeypot scripts/styles for themes without pre-rendered shortcodes. Enqueue honeypot scripts/styles everytime.
+
+* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade *
+
 = 2.10.0 February 18, 2025 =
 
 * Enhancements:

readme.txt

@@ -6,7 +6,7 @@ Tags: community, member, membership, user-profile, user-registration
 Requires PHP: 7.0
 Requires at least: 6.2
 Tested up to: 6.7
-Stable tag: 2.10.0
+Stable tag: 2.10.1
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.txt
 
@@ -167,6 +167,16 @@ No specific extensions are needed. But we highly recommended keep active these P
 
 IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
 
+= 2.10.1 2025-03-03 =
+
+**Bugfixes**
+
+* Fixed: Security issue CVE ID: CVE-2025-1702.
+* Fixed: Activation link redirects to Reset Password after registration without password field and required email activation.
+* Fixed: Honeypot scripts/styles for themes without pre-rendered shortcodes. Enqueue honeypot scripts/styles everytime.
+
+**Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade**
+
 = 2.10.0 2025-02-18 =
 
 **Enhancements**
@@ -267,6 +277,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
 
 == Upgrade Notice ==
 
+= 2.10.1 =
+This version fixes a security related bug. Upgrade immediately.
+
 = 2.10.0 =
 Increased the minimum PHP and WordPress requirements. The plugin now requires at least PHP 7.0 and WordPress 6.2. This version fixes a security related bug. Upgrade immediately.
 

ultimate-member.php

@@ -3,7 +3,7 @@
  * Plugin Name: Ultimate Member
  * Plugin URI: http://ultimatemember.com/
  * Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
- * Version: 2.10.0
+ * Version: 2.10.1
  * Author: Ultimate Member
  * Author URI: http://ultimatemember.com/
  * Text Domain: ultimate-member