diff --git a/changelog.txt b/changelog.txt index 020e8c31..888d7c1b 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,5 +1,14 @@ == Changelog == += 2.10.4 May 15, 2025 = + +* Bugfixes: + + - Fixed: Security issue CVE ID: CVE-2025-47691. Used "sniccowp/php-scoper-wordpress-excludes" for getting the recent WordPress functions list and added them to the dynamic blacklist based on the WordPress version. + - Fixed: The Action Scheduler action `um_set_default_account_status`. Case when some users were approved manually or deleted, and we need to reset the admin notice. Added `error_log()` to the wrong conditions. + - Fixed: Reset Password request from not a predefined password reset page. It's possible to submit reset password form sitewide using block or shortcode. + - Fixed: Setting 'Allow users to change email' for the Account page. It works now for any role instead of only the roles with 'Can edit other member accounts?' capability enabled. + = 2.10.3 April 24, 2025 = * Enhancements: diff --git a/readme.txt b/readme.txt index c8c1fbe1..e22d12d7 100644 --- a/readme.txt +++ b/readme.txt @@ -6,7 +6,7 @@ Tags: community, member, membership, user-profile, user-registration Requires PHP: 7.0 Requires at least: 6.2 Tested up to: 6.8 -Stable tag: 2.10.3 +Stable tag: 2.10.4 License: GPLv3 License URI: http://www.gnu.org/licenses/gpl-3.0.txt @@ -167,13 +167,14 @@ No specific extensions are needed. But we highly recommended keep active these P IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION -= 2.10.4 2025-05-14 = += 2.10.4 2025-05-15 = **Bugfixes** * Fixed: Security issue CVE ID: CVE-2025-47691. Used "sniccowp/php-scoper-wordpress-excludes" for getting the recent WordPress functions list and added them to the dynamic blacklist based on the WordPress version. * Fixed: The Action Scheduler action `um_set_default_account_status`. Case when some users were approved manually or deleted, and we need to reset the admin notice. Added `error_log()` to the wrong conditions. * Fixed: Reset Password request from not a predefined password reset page. It's possible to submit reset password form sitewide using block or shortcode. +* Fixed: Setting 'Allow users to change email' for the Account page. It works now for any role instead of only the roles with 'Can edit other member accounts?' capability enabled. = 2.10.3 2025-04-24 = diff --git a/ultimate-member.php b/ultimate-member.php index 34455372..15a0cd4d 100644 --- a/ultimate-member.php +++ b/ultimate-member.php @@ -3,7 +3,7 @@ * Plugin Name: Ultimate Member * Plugin URI: http://ultimatemember.com/ * Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress - * Version: 2.10.4-alpha + * Version: 2.10.4 * Author: Ultimate Member * Author URI: http://ultimatemember.com/ * Text Domain: ultimate-member