From f89b29426a13ea86c1be17d809843881851f2d75 Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Tue, 15 Apr 2025 18:08:44 +0300
Subject: [PATCH] Add validation for banned and blacklisted custom fields.
This update tightens the custom-field checks by rejecting banned and blacklisted meta keys, adds admin builder styles that mark such fields, and makes the Site Health test report the banned fields of each affected form.
---
assets/css/admin/builder.css | 15 +++
assets/css/admin/builder.min.css | 2 +-
assets/css/admin/builder.sass | 12 ++
includes/admin/class-site-health.php | 119 ++++++++++----------
includes/admin/core/class-admin-builder.php | 3 +
includes/core/class-builtin.php | 8 +-
includes/core/class-user.php | 3 -
7 files changed, 95 insertions(+), 67 deletions(-)
diff --git a/assets/css/admin/builder.css b/assets/css/admin/builder.css
index fe28aca1..83959bf3 100644
--- a/assets/css/admin/builder.css
+++ b/assets/css/admin/builder.css
@@ -495,6 +495,11 @@
line-height: 18px;
margin: 0 0 10px 0;
}
+.um-admin-drag-col.cols-3 .um-admin-drag-fld-banned {
+ height: auto;
+ line-height: 18px;
+ margin: 0 0 10px 0;
+}
.um-admin-drag-col.cols-3 .um-admin-drag-fld-icons {
float: none;
position: absolute;
@@ -600,6 +605,16 @@
color: #fff;
}
+.um-admin-drag-fld-banned {
+ float: left;
+ font-size: 13px;
+ height: 30px;
+ line-height: 30px;
+ margin: 0 0 0 20px;
+ font-weight: 400;
+ color: var(--um-blocks-error-color, #d92d20);
+}
+
.um-admin-drag-fld-icons {
float: right;
}
diff --git a/assets/css/admin/builder.min.css b/assets/css/admin/builder.min.css
index 184ab039..83cc04a0 100644
--- a/assets/css/admin/builder.min.css
+++ b/assets/css/admin/builder.min.css
@@ -1 +1 @@
-@-webkit-keyframes um-ajax-spinning{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@-moz-keyframes um-ajax-spinning{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@-ms-keyframes um-ajax-spinning{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes um-ajax-spinning{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}.um-admin-row-loading{position:absolute;width:100%;height:calc(100% + 30px);top:-30px;left:0;background:rgba(241,241,241,.6);z-index:999;display:none}.um-admin-row-loading>span{display:block;-webkit-transition:.1s opacity;-moz-transition:.1s opacity;-ms-transition:.1s opacity;-o-transition:.1s opacity;transition:.1s opacity;color:#c6c6c6!important;-webkit-animation:um-ajax-spinning 1.1s infinite linear;animation:um-ajax-spinning 1.1s infinite linear;border-top:.2em solid #000;border-right:.2em solid #000;border-bottom:.2em solid #000;border-left:.2em solid #c6c6c6;font-size:1.75em;-ms-transform:translateZ(0);transform:translateZ(0);border-radius:50%;width:40px;height:40px;margin:-20px 0 0 -20px;outline:0;padding:0;vertical-align:baseline;position:absolute;left:50%;top:50%}.um-admin-boxed-links{width:100%;text-align:center}.um-admin-boxed-links a{width:33.3%;float:left;border-left:1px solid #fff;border-right:1px solid #fff;padding:30px 25px!important;background:#f8f8f8;text-align:center;display:inline-block!important;font-size:14px;transition:all .2s linear;text-decoration:none;color:#666;margin:0!important;box-sizing:border-box!important;border-radius:2px;font-weight:600}.um-admin-boxed-links a:hover{background:#eee}.um-admin-boxed-links a.um-admin-activebg{background:#0085ba;color:#fff}.um-admin-boxed-links a.um-admin-activebg:hover{background:#0085ba;color:#fff}.um-admin-boxed-links 
i{font-size:28px;vertical-align:middle;margin:0 10px 0 0}.um-admin-half{float:left;width:48%}.um-admin-half select{box-sizing:border-box}.um-admin-half.um-admin-right{float:right}.um-admin-half p:first-child{margin-top:0}.um-admin-half .um{opacity:1;margin-bottom:0!important}.um-admin-tri{float:left;width:33%;position:relative}.um-admin-tri[data-select2-id]{position:relative}._heading_text[data-select2-id]{position:relative}.um-admin-error-block,.um-admin-success-block{display:none;width:100%;background:#c74a4a;border-radius:3px;color:#fff;box-sizing:border-box;position:relative;padding:12px;font-size:13px;line-height:1em!important;margin:0 0 16px 0}.um-admin-success-block{background:#7acf58}.um-admin-cur-condition-template{display:none}.dynamic-mce-content{display:none}.um-admin-btns{line-height:1.5em;margin:0 0 5px 0;display:flex;flex-direction:row;justify-content:flex-start;align-items:baseline;flex-wrap:wrap}.um-admin-btns .um-no-custom-fields{margin:0}.um-admin-btns a{margin:0 3px 8px 0!important;font-size:12px!important;display:flex;flex-direction:row;justify-content:flex-start;align-items:center;flex-wrap:nowrap;display:flex!important}.um-admin-btns a.with-icon span{color:#aaa;font-size:15px!important;padding-left:5px;height:auto;width:auto}.um-admin-btns a.with-icon:hover span{color:#cb3838}.um-admin-btn-toggle{padding:10px 0}.um-admin-btn-toggle p{margin:0 5px 0 0!important}.um-admin-btn-toggle p.um-admin-reset-conditions a{margin-bottom:5px}.um-admin-btn-toggle a{text-decoration:none;color:#999}.um-admin-btn-toggle a.um-admin-new-condition{margin-bottom:5px}.um-admin-btn-toggle a.active{color:#0085ba}.um-admin-btn-toggle a.active:hover{color:#0085ba}.um-admin-btn-toggle i{margin:0 5px 0 0!important;height:100%;color:#666;position:relative;top:1px}.um-admin-btn-content{display:none;padding:5px 0 0 0}.um-admin-btn-content p{float:left;margin-right:10px!important;padding:0!important}.um-admin-btn-content p.um-admin-conditions-notice{width:100%;margin:0 0 9px 
0!important}.um-admin-btn-content .um-admin-cur-condition:not(:last-child){margin:0 0 5px 0}.um-admin-builder i{font-size:15px!important;height:100%!important;line-height:100%!important;margin:0 5px 0 0!important}.um-admin-builder .um-admin-drag{margin-top:40px}.um-admin-drag-add-field{display:block;width:100%;height:30px;line-height:30px;text-align:center;color:#aaa;text-decoration:none}.um-admin-drag-add-field:hover{color:#0085ba}.um-admin-drag-add-field i{font-size:23px!important;margin:0!important}.um-admin-drag-ctrls{position:absolute;top:-30px;left:0}.um-admin-drag-ctrls.um-admin-drag-ctrls-demo{position:absolute;right:7px;top:-30px;left:auto}.um-admin-drag-ctrls a{float:left;margin:0 5px 0 0;height:30px;line-height:30px;background:#eee;color:#888;padding:0 8px;text-decoration:none;border-radius:2px 2px 0 0}.um-admin-drag-ctrls a:hover{background-color:#e5e5e5}.um-admin-drag-ctrls a.active,.um-admin-drag-ctrls a.active:hover{background-color:#0085ba;color:#fff}.um-admin-drag-ctrls.columns a{width:30px!important;background-image:url(../../img/builder/1-column.gif);background-repeat:no-repeat;background-position:center}.um-admin-drag-ctrls.columns a:nth-child(2){background-image:url(../../img/builder/2-columns.gif)}.um-admin-drag-ctrls.columns a:last-child{background-image:url(../../img/builder/3-columns.gif)}.um-admin-drag-ctrls.columns a.active{background-image:url(../../img/builder/1-column-active.gif)}.um-admin-drag-ctrls.columns a.active:nth-child(2){background-image:url(../../img/builder/2-columns-active.gif)}.um-admin-drag-ctrls.columns a.active:last-child{background-image:url(../../img/builder/3-columns-active.gif)}.um-admin-drag{width:100%;background:#f1f1f1;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;position:relative;padding:60px 20px 20px 20px}.um-admin-drag-row{width:100%;background:#fefefe;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;position:relative;padding:60px 20px 20px 
20px;margin:0 0 60px 0}.um-admin-drag-row:last-child{margin-bottom:0}.um-admin-drag-row-icons{position:absolute;right:0;top:-30px;height:30px}.um-admin-drag-row-icons a{text-decoration:none;color:#fff;width:40px;height:30px;line-height:30px;text-align:center;display:block!important;float:left;background:#0085ba;padding:0 4px;transition:all .2s linear;border-left:1px solid #379dd5}.um-admin-drag-row-icons a:hover{background:#008ec2}.um-admin-drag-row-icons span{cursor:move!important;text-decoration:none;color:#fff;width:40px;height:30px;line-height:30px;text-align:center;display:block!important;float:left;background:#0085ba;padding:0 4px;transition:all .2s linear;border-left:1px solid #379dd5}.um-admin-drag-row-icons span:hover{background:#008ec2}.um-admin-drag-row-icons i{font-size:18px!important;margin:0!important;top:2px;position:relative}.um-admin-drag-rowsub{position:relative;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;background:#f1f1f1;padding:20px;margin:0 0 60px 0}.um-admin-drag-rowsub:last-child{margin-bottom:0}.um-admin-drag-rowsub-icons{position:absolute;right:0;top:-30px;height:30px}.um-admin-drag-rowsub-icons a{text-decoration:none;color:#fff;width:40px;height:30px;line-height:30px;text-align:center;display:block!important;float:left;background:#0085ba;padding:0 4px;transition:all .2s linear;border-left:1px solid #379dd5}.um-admin-drag-rowsub-icons a:hover{background:#008ec2}.um-admin-drag-rowsub-icons span{cursor:move!important;text-decoration:none;color:#fff;width:40px;height:30px;line-height:30px;text-align:center;display:block!important;float:left;background:#0085ba;padding:0 4px;transition:all .2s linear;border-left:1px solid #379dd5}.um-admin-drag-rowsub-icons span:hover{background:#008ec2}.um-admin-drag-rowsub-icons i{font-size:18px!important;margin:0!important;top:2px;position:relative}.um-admin-drag-col{float:left;width:100%;background:#fff;border:1px dashed 
#bbb;box-sizing:border-box;padding:20px}.um-admin-drag-col.cols-3{width:32%}.um-admin-drag-col.cols-3.cols-last{width:32%}.um-admin-drag-col.cols-3.cols-middle{width:32%;margin:0 2%}.um-admin-drag-col.cols-3 .um-admin-drag-fld-title{height:auto;line-height:18px;margin:10px;margin-bottom:0}.um-admin-drag-col.cols-3 .um-admin-drag-fld-type{height:auto;line-height:18px;margin:0 0 10px 0}.um-admin-drag-col.cols-3 .um-admin-drag-fld-icons{float:none;position:absolute;bottom:0;right:0;height:30px;display:none}.um-admin-drag-col.cols-3 .um-admin-drag-fld-icons.um-field-type-group{float:left;position:relative;bottom:auto;right:auto;height:30px;display:block}.um-admin-drag-col.cols-3 .um-admin-drag-fld:hover .um-admin-drag-fld-icons{display:block}.um-admin-drag-col.cols-1{width:100%}.um-admin-drag-col.cols-1.cols-last{width:100%}.um-admin-drag-col.cols-2{width:49%;margin:0 1% 0 0}.um-admin-drag-col.cols-2.cols-last{width:49%;margin:0 0 0 1%}.um-admin-drag-col>.um-admin-drag-fld:last-of-type{margin-bottom:20px}.um-admin-drag-addrow{text-align:center;font-size:14px;color:#888;cursor:pointer;border:1px dashed #bbb;padding:10px 0;margin:20px 0 0 0}.um-admin-drag-addrow i{font-size:23px!important;margin:0!important}.um-admin-drag-addrow:hover{color:#0085ba}.um-admin-drag-fld{display:block;position:relative;border:1px solid #ddd;margin:0 0 15px 0;background:#f5f5f5;cursor:move!important}.um-admin-drag-fld.um-field-type-group{background:#555;border:0}.um-admin-drag-fld-title{float:left;font-weight:700;font-size:13px;color:#666;height:30px;line-height:30px;margin:0 0 0 20px}.um-admin-drag-fld-title.um-field-type-group{color:#fff}.um-admin-drag-fld-title i{width:24px;display:inline-block;text-align:center}.um-admin-drag-group{background:#fcfcfc;cursor:default;padding:20px;border:1px dashed #bbb}.um-admin-drag-fld-type{float:left;font-size:13px;height:30px;line-height:30px;margin:0 0 0 
20px;font-weight:400;color:#999}.um-admin-drag-fld-type.um-field-type-group{color:#fff}.um-admin-drag-fld-icons{float:right}.um-admin-drag-fld-icons a{text-decoration:none;color:#fff;width:40px;height:30px;line-height:30px;text-align:center;display:block!important;float:left;background:#0085ba;padding:0 4px;transition:all .2s linear;border-left:1px solid #379dd5}.um-admin-drag-fld-icons a:hover{background:#008ec2}.um-admin-drag-fld-icons i{font-size:18px!important;margin:0!important;top:2px;position:relative}.um-admin-drag-fld-icons.um-field-type-group a.um_admin_duplicate_field{display:none!important}.um-row-placeholder{width:100%;border:2px dashed #aaa;box-sizing:border-box}.um-rowsub-placeholder{width:100%;border:2px dashed #ccc;box-sizing:border-box;display:block}.um-fld-placeholder{display:block;border:1px dashed #ddd;background:#fff;box-sizing:border-box;width:100%}.um-admin-modal #UM_preview_form .um-admin-modal-body{position:relative}.um-admin-modal #UM_preview_form .um-admin-modal-body .um-admin-preview-overlay{position:absolute;top:0;bottom:0;left:0;right:0;background-color:rgba(255,255,255,0);z-index:100}
\ No newline at end of file
+@-webkit-keyframes um-ajax-spinning{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@-moz-keyframes um-ajax-spinning{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@-ms-keyframes um-ajax-spinning{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}@keyframes um-ajax-spinning{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(360deg);transform:rotate(360deg)}}.um-admin-row-loading{position:absolute;width:100%;height:calc(100% + 30px);top:-30px;left:0;background:rgba(241,241,241,.6);z-index:999;display:none}.um-admin-row-loading>span{display:block;-webkit-transition:.1s opacity;-moz-transition:.1s opacity;-ms-transition:.1s opacity;-o-transition:.1s opacity;transition:.1s opacity;color:#c6c6c6!important;-webkit-animation:um-ajax-spinning 1.1s infinite linear;animation:um-ajax-spinning 1.1s infinite linear;border-top:.2em solid #000;border-right:.2em solid #000;border-bottom:.2em solid #000;border-left:.2em solid #c6c6c6;font-size:1.75em;-ms-transform:translateZ(0);transform:translateZ(0);border-radius:50%;width:40px;height:40px;margin:-20px 0 0 -20px;outline:0;padding:0;vertical-align:baseline;position:absolute;left:50%;top:50%}.um-admin-boxed-links{width:100%;text-align:center}.um-admin-boxed-links a{width:33.3%;float:left;border-left:1px solid #fff;border-right:1px solid #fff;padding:30px 25px!important;background:#f8f8f8;text-align:center;display:inline-block!important;font-size:14px;transition:all .2s linear;text-decoration:none;color:#666;margin:0!important;box-sizing:border-box!important;border-radius:2px;font-weight:600}.um-admin-boxed-links a:hover{background:#eee}.um-admin-boxed-links a.um-admin-activebg{background:#0085ba;color:#fff}.um-admin-boxed-links a.um-admin-activebg:hover{background:#0085ba;color:#fff}.um-admin-boxed-links 
i{font-size:28px;vertical-align:middle;margin:0 10px 0 0}.um-admin-half{float:left;width:48%}.um-admin-half select{box-sizing:border-box}.um-admin-half.um-admin-right{float:right}.um-admin-half p:first-child{margin-top:0}.um-admin-half .um{opacity:1;margin-bottom:0!important}.um-admin-tri{float:left;width:33%;position:relative}.um-admin-tri[data-select2-id]{position:relative}._heading_text[data-select2-id]{position:relative}.um-admin-error-block,.um-admin-success-block{display:none;width:100%;background:#c74a4a;border-radius:3px;color:#fff;box-sizing:border-box;position:relative;padding:12px;font-size:13px;line-height:1em!important;margin:0 0 16px 0}.um-admin-success-block{background:#7acf58}.um-admin-cur-condition-template{display:none}.dynamic-mce-content{display:none}.um-admin-btns{line-height:1.5em;margin:0 0 5px 0;display:flex;flex-direction:row;justify-content:flex-start;align-items:baseline;flex-wrap:wrap}.um-admin-btns .um-no-custom-fields{margin:0}.um-admin-btns a{margin:0 3px 8px 0!important;font-size:12px!important;display:flex;flex-direction:row;justify-content:flex-start;align-items:center;flex-wrap:nowrap;display:flex!important}.um-admin-btns a.with-icon span{color:#aaa;font-size:15px!important;padding-left:5px;height:auto;width:auto}.um-admin-btns a.with-icon:hover span{color:#cb3838}.um-admin-btn-toggle{padding:10px 0}.um-admin-btn-toggle p{margin:0 5px 0 0!important}.um-admin-btn-toggle p.um-admin-reset-conditions a{margin-bottom:5px}.um-admin-btn-toggle a{text-decoration:none;color:#999}.um-admin-btn-toggle a.um-admin-new-condition{margin-bottom:5px}.um-admin-btn-toggle a.active{color:#0085ba}.um-admin-btn-toggle a.active:hover{color:#0085ba}.um-admin-btn-toggle i{margin:0 5px 0 0!important;height:100%;color:#666;position:relative;top:1px}.um-admin-btn-content{display:none;padding:5px 0 0 0}.um-admin-btn-content p{float:left;margin-right:10px!important;padding:0!important}.um-admin-btn-content p.um-admin-conditions-notice{width:100%;margin:0 0 9px 
0!important}.um-admin-btn-content .um-admin-cur-condition:not(:last-child){margin:0 0 5px 0}.um-admin-builder i{font-size:15px!important;height:100%!important;line-height:100%!important;margin:0 5px 0 0!important}.um-admin-builder .um-admin-drag{margin-top:40px}.um-admin-drag-add-field{display:block;width:100%;height:30px;line-height:30px;text-align:center;color:#aaa;text-decoration:none}.um-admin-drag-add-field:hover{color:#0085ba}.um-admin-drag-add-field i{font-size:23px!important;margin:0!important}.um-admin-drag-ctrls{position:absolute;top:-30px;left:0}.um-admin-drag-ctrls.um-admin-drag-ctrls-demo{position:absolute;right:7px;top:-30px;left:auto}.um-admin-drag-ctrls a{float:left;margin:0 5px 0 0;height:30px;line-height:30px;background:#eee;color:#888;padding:0 8px;text-decoration:none;border-radius:2px 2px 0 0}.um-admin-drag-ctrls a:hover{background-color:#e5e5e5}.um-admin-drag-ctrls a.active,.um-admin-drag-ctrls a.active:hover{background-color:#0085ba;color:#fff}.um-admin-drag-ctrls.columns a{width:30px!important;background-image:url(../../img/builder/1-column.gif);background-repeat:no-repeat;background-position:center}.um-admin-drag-ctrls.columns a:nth-child(2){background-image:url(../../img/builder/2-columns.gif)}.um-admin-drag-ctrls.columns a:last-child{background-image:url(../../img/builder/3-columns.gif)}.um-admin-drag-ctrls.columns a.active{background-image:url(../../img/builder/1-column-active.gif)}.um-admin-drag-ctrls.columns a.active:nth-child(2){background-image:url(../../img/builder/2-columns-active.gif)}.um-admin-drag-ctrls.columns a.active:last-child{background-image:url(../../img/builder/3-columns-active.gif)}.um-admin-drag{width:100%;background:#f1f1f1;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;position:relative;padding:60px 20px 20px 20px}.um-admin-drag-row{width:100%;background:#fefefe;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;position:relative;padding:60px 20px 20px 
20px;margin:0 0 60px 0}.um-admin-drag-row:last-child{margin-bottom:0}.um-admin-drag-row-icons{position:absolute;right:0;top:-30px;height:30px}.um-admin-drag-row-icons a{text-decoration:none;color:#fff;width:40px;height:30px;line-height:30px;text-align:center;display:block!important;float:left;background:#0085ba;padding:0 4px;transition:all .2s linear;border-left:1px solid #379dd5}.um-admin-drag-row-icons a:hover{background:#008ec2}.um-admin-drag-row-icons span{cursor:move!important;text-decoration:none;color:#fff;width:40px;height:30px;line-height:30px;text-align:center;display:block!important;float:left;background:#0085ba;padding:0 4px;transition:all .2s linear;border-left:1px solid #379dd5}.um-admin-drag-row-icons span:hover{background:#008ec2}.um-admin-drag-row-icons i{font-size:18px!important;margin:0!important;top:2px;position:relative}.um-admin-drag-rowsub{position:relative;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;background:#f1f1f1;padding:20px;margin:0 0 60px 0}.um-admin-drag-rowsub:last-child{margin-bottom:0}.um-admin-drag-rowsub-icons{position:absolute;right:0;top:-30px;height:30px}.um-admin-drag-rowsub-icons a{text-decoration:none;color:#fff;width:40px;height:30px;line-height:30px;text-align:center;display:block!important;float:left;background:#0085ba;padding:0 4px;transition:all .2s linear;border-left:1px solid #379dd5}.um-admin-drag-rowsub-icons a:hover{background:#008ec2}.um-admin-drag-rowsub-icons span{cursor:move!important;text-decoration:none;color:#fff;width:40px;height:30px;line-height:30px;text-align:center;display:block!important;float:left;background:#0085ba;padding:0 4px;transition:all .2s linear;border-left:1px solid #379dd5}.um-admin-drag-rowsub-icons span:hover{background:#008ec2}.um-admin-drag-rowsub-icons i{font-size:18px!important;margin:0!important;top:2px;position:relative}.um-admin-drag-col{float:left;width:100%;background:#fff;border:1px dashed 
#bbb;box-sizing:border-box;padding:20px}.um-admin-drag-col.cols-3{width:32%}.um-admin-drag-col.cols-3.cols-last{width:32%}.um-admin-drag-col.cols-3.cols-middle{width:32%;margin:0 2%}.um-admin-drag-col.cols-3 .um-admin-drag-fld-title{height:auto;line-height:18px;margin:10px;margin-bottom:0}.um-admin-drag-col.cols-3 .um-admin-drag-fld-type{height:auto;line-height:18px;margin:0 0 10px 0}.um-admin-drag-col.cols-3 .um-admin-drag-fld-banned{height:auto;line-height:18px;margin:0 0 10px 0}.um-admin-drag-col.cols-3 .um-admin-drag-fld-icons{float:none;position:absolute;bottom:0;right:0;height:30px;display:none}.um-admin-drag-col.cols-3 .um-admin-drag-fld-icons.um-field-type-group{float:left;position:relative;bottom:auto;right:auto;height:30px;display:block}.um-admin-drag-col.cols-3 .um-admin-drag-fld:hover .um-admin-drag-fld-icons{display:block}.um-admin-drag-col.cols-1{width:100%}.um-admin-drag-col.cols-1.cols-last{width:100%}.um-admin-drag-col.cols-2{width:49%;margin:0 1% 0 0}.um-admin-drag-col.cols-2.cols-last{width:49%;margin:0 0 0 1%}.um-admin-drag-col>.um-admin-drag-fld:last-of-type{margin-bottom:20px}.um-admin-drag-addrow{text-align:center;font-size:14px;color:#888;cursor:pointer;border:1px dashed #bbb;padding:10px 0;margin:20px 0 0 0}.um-admin-drag-addrow i{font-size:23px!important;margin:0!important}.um-admin-drag-addrow:hover{color:#0085ba}.um-admin-drag-fld{display:block;position:relative;border:1px solid #ddd;margin:0 0 15px 0;background:#f5f5f5;cursor:move!important}.um-admin-drag-fld.um-field-type-group{background:#555;border:0}.um-admin-drag-fld-title{float:left;font-weight:700;font-size:13px;color:#666;height:30px;line-height:30px;margin:0 0 0 20px}.um-admin-drag-fld-title.um-field-type-group{color:#fff}.um-admin-drag-fld-title i{width:24px;display:inline-block;text-align:center}.um-admin-drag-group{background:#fcfcfc;cursor:default;padding:20px;border:1px dashed #bbb}.um-admin-drag-fld-type{float:left;font-size:13px;height:30px;line-height:30px;margin:0 0 0 
20px;font-weight:400;color:#999}.um-admin-drag-fld-type.um-field-type-group{color:#fff}.um-admin-drag-fld-banned{float:left;font-size:13px;height:30px;line-height:30px;margin:0 0 0 20px;font-weight:400;color:var(--um-blocks-error-color,#d92d20)}.um-admin-drag-fld-icons{float:right}.um-admin-drag-fld-icons a{text-decoration:none;color:#fff;width:40px;height:30px;line-height:30px;text-align:center;display:block!important;float:left;background:#0085ba;padding:0 4px;transition:all .2s linear;border-left:1px solid #379dd5}.um-admin-drag-fld-icons a:hover{background:#008ec2}.um-admin-drag-fld-icons i{font-size:18px!important;margin:0!important;top:2px;position:relative}.um-admin-drag-fld-icons.um-field-type-group a.um_admin_duplicate_field{display:none!important}.um-row-placeholder{width:100%;border:2px dashed #aaa;box-sizing:border-box}.um-rowsub-placeholder{width:100%;border:2px dashed #ccc;box-sizing:border-box;display:block}.um-fld-placeholder{display:block;border:1px dashed #ddd;background:#fff;box-sizing:border-box;width:100%}.um-admin-modal #UM_preview_form .um-admin-modal-body{position:relative}.um-admin-modal #UM_preview_form .um-admin-modal-body .um-admin-preview-overlay{position:absolute;top:0;bottom:0;left:0;right:0;background-color:rgba(255,255,255,0);z-index:100}
\ No newline at end of file
diff --git a/assets/css/admin/builder.sass b/assets/css/admin/builder.sass
index f1356be4..18621495 100644
--- a/assets/css/admin/builder.sass
+++ b/assets/css/admin/builder.sass
@@ -400,6 +400,10 @@
height: auto
line-height: 18px
margin: 0 0 10px 0
+ .#{$prefix}admin-drag-fld-banned
+ height: auto
+ line-height: 18px
+ margin: 0 0 10px 0
.#{$prefix}admin-drag-fld-icons
float: none
position: absolute
@@ -492,6 +496,14 @@
&.um-field-type-group
color: #fff
+.#{$prefix}admin-drag-fld-banned
+ float: left
+ font-size: 13px
+ height: 30px
+ line-height: 30px
+ margin: 0 0 0 20px
+ font-weight: 400
+ color: $error-text
.#{$prefix}admin-drag-fld-icons
float: right
diff --git a/includes/admin/class-site-health.php b/includes/admin/class-site-health.php
index f8405802..bdcd8b9f 100644
--- a/includes/admin/class-site-health.php
+++ b/includes/admin/class-site-health.php
@@ -1,6 +1,8 @@
builtin()->blacklist_fields, UM()->user()->banned_keys );
- foreach ( $keys as $key ) {
- if ( isset( $custom_fields[ $key ] ) ) {
+ foreach ( array_keys( $custom_fields ) as $key ) {
+ if ( self::field_is_banned( $key ) ) {
$tests['direct']['um_banned_fields'] = array(
'label' => esc_html__( 'Are the banned custom fields?', 'ultimate-member' ),
'test' => array( $this, 'banned_fields_test' ),
@@ -224,9 +226,11 @@ class Site_Health {
return $result;
}
- public function get_banned_fields() {
- $keys = array_merge( UM()->builtin()->blacklist_fields, UM()->user()->banned_keys );
+ private static function field_is_banned( $metakey ) {
+ return UM()->user()->is_metakey_banned( $metakey ) || in_array( strtolower( $metakey ), UM()->builtin()->blacklist_fields, true );
+ }
+ public function get_banned_fields() {
$result = array(
'description' => '',
'actions' => '',
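Review bot: The new `field_is_banned()` lowercases the key only for the `blacklist_fields` half of the check, while `is_metakey_banned()` receives the raw `$metakey`; whether that method normalises case is not visible here, so either confirm it does or lowercase once before both calls, e.g. `$metakey = strtolower( $metakey ); return UM()->user()->is_metakey_banned( $metakey ) || in_array( $metakey, UM()->builtin()->blacklist_fields, true );`. The same two-part expression is repeated verbatim in class-admin-builder.php and in `Builtin::blacklist_field_err()`, so a single boolean helper on `Builtin` (or `User`) that all three call would keep the lists from drifting apart again. `get_banned_fields()` starts at the end of this hunk and its body continues past it.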
@@ -252,14 +256,21 @@ class Site_Health {
if ( empty( $field['metakey'] ) ) {
continue;
}
- if ( in_array( $field['metakey'], $keys, true ) ) {
- $break_forms[] = array(
- 'id' => $form_id,
- 'title' => get_the_title( $form_id ),
- 'link' => get_edit_post_link( $form_id ),
- 'key' => $field['metakey'],
- );
- ++$forms_count;
+
+ if ( self::field_is_banned( $field['metakey'] ) ) {
+ if ( ! array_key_exists( $form_id, $break_forms ) ) {
+ $break_forms[ $form_id ] = array(
+ 'title' => get_the_title( $form_id ),
+ 'link' => get_edit_post_link( $form_id ),
+ 'fields' => array(
+ $field['metakey'] => isset( $field['title'] ) ? $field['title'] : __( 'Unknown title', 'ultimate-member' ),
+ ),
+ );
+
+ ++$forms_count;
+ } else {
+ $break_forms[ $form_id ]['fields'][ $field['metakey'] ] = isset( $field['title'] ) ? $field['title'] : __( 'Unknown title', 'ultimate-member' );
+ }
}
}
}
@@ -268,30 +279,26 @@ class Site_Health {
if ( 0 < $forms_count ) {
$result['description'] .= sprintf(
'%s
',
- __( 'Your fields in the Ultimate Member Forms are banned.', 'ultimate-member' )
+ __( 'Please note that some fields in your Ultimate Member Forms are currently on a restricted list that disallows their use. This is particularly related to the Ultimate Member Forms and their fields below.', 'ultimate-member' )
);
if ( ! empty( $break_forms ) ) {
- $result['description'] .= sprintf(
- '%s',
- __( 'Related to Ultimate Member Forms: ', 'ultimate-member' )
- );
+ $forms_description = array();
+ foreach ( $break_forms as $form_id => $form_data ) {
+ $fields = array();
+ foreach ( $form_data['fields'] as $metakey => $field_title ) {
+ $fields[] = sprintf( __( '%s (%s)', 'ultimate-member' ), $field_title, $metakey );
+ }
- $form_links = array();
- foreach ( $break_forms as $break_form ) {
- $form_links[] = sprintf(
- '%s in %s (#ID: %s)',
- esc_url( $break_form['link'] ),
- esc_html__( 'field', 'ultimate-member' ) . ' "' . esc_html( $break_form['key'] ) . '"',
- esc_html( $break_form['title'] ),
- esc_html( $break_form['id'] )
- );
+ $forms_description[] = '
' . sprintf(
+ __( 'Fields in %s (#ID: %s):', 'ultimate-member' ),
+ esc_url( $form_data['link'] ),
+ esc_html( $form_data['title'] ),
+ esc_html( $form_id )
+ ) . '
- ' . implode( '
- ', $fields ) . '
';
}
- $result['description'] .= sprintf(
- '%s
',
- implode( ', ', $form_links )
- );
+ $result['description'] .= implode( ' ', $forms_description );
}
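Review bot: The per-field line built with `sprintf( __( '%s (%s)', 'ultimate-member' ), $field_title, $metakey )` inserts the field title and meta key into the HTML description without escaping, whereas the removed code passed the key through `esc_html()`; these values are admin-authored form data, so the exposure is limited, but Site Health output is rendered as HTML and should be escaped at the point of output: `$fields[] = sprintf( '%s (%s)', esc_html( $field_title ), esc_html( $metakey ) );`. Wrapping a format string made only of placeholders and punctuation in `__()` also gives translators nothing to translate and can be dropped. The markup in this hunk looks stripped in this view (the `sprintf()` for the form heading receives three arguments for two visible placeholders), so the surrounding tags could not be checked.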
$result['actions'] .= sprintf(
@@ -301,12 +308,12 @@ class Site_Health {
);
}
- $result = apply_filters( 'um_get_banned_fields_result', $result, $keys );
+ $result = apply_filters( 'um_get_banned_fields_result', $result );
if ( ! empty( $result['description'] ) ) {
$result['description'] .= sprintf(
'%s
',
- __( 'Using banned meta keys may break the website\'s functionality.', 'ultimate-member' )
+ __( 'The using meta keys from restricted list in Ultimate Member Forms may break the website\'s functionality and is unsecure.', 'ultimate-member' )
);
}
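Review bot: Dropping the second argument of `apply_filters( 'um_get_banned_fields_result', $result )` is a breaking change for any extension registered with `add_filter( 'um_get_banned_fields_result', $cb, 10, 2 )` whose second parameter has no default, since PHP throws an `ArgumentCountError` when a required parameter is not supplied. If the key list is no longer meaningful, keep passing a compatible value (for example the merged `UM()->builtin()->blacklist_fields` and `UM()->user()->banned_keys`) or note the removal in the filter's docblock and changelog. The replacement notice text also reads awkwardly; suggest `'Using meta keys from the restricted list in Ultimate Member Forms may break the website\'s functionality and is insecure.'`.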
@@ -336,8 +343,8 @@ class Site_Health {
$banned_fields = $this->get_banned_fields();
if ( false !== $banned_fields ) {
$result['label'] = __( 'Some field from Ultimate Member forms has banned meta key', 'ultimate-member' );
- $result['status'] = 'recommended';
- $result['badge']['color'] = 'orange';
+ $result['status'] = 'critical';
+ $result['badge']['color'] = 'red';
$result['description'] = $banned_fields['description'];
$result['actions'] = $banned_fields['actions'];
}
@@ -375,7 +382,7 @@ class Site_Health {
}
private function get_field_data( $info, $key, $field_key, $field ) {
- $row = isset( $field['metakey'] ) ? false : true;
+ $row = array_key_exists( 'type', $field ) && 'row' === $field['type'];
$title = $row ? __( 'Row: ', 'ultimate-member' ) . $field['id'] : __( 'Field: ', 'ultimate-member' ) . $field['metakey'];
$field = array_map( array( &$this, 'array_map' ), $field );
$field_info = array(
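Review bot: The new `$row` detection no longer guarantees that `$field['metakey']` exists on the non-row branch, so a field entry that lacks both `type === 'row'` and a `metakey` now triggers an undefined array key warning on the `$title` line, which the old `isset( $field['metakey'] )` test avoided. Guard the title build, e.g. `$title = $row ? __( 'Row: ', 'ultimate-member' ) . ( isset( $field['id'] ) ? $field['id'] : '' ) : __( 'Field: ', 'ultimate-member' ) . ( isset( $field['metakey'] ) ? $field['metakey'] : '' );`, or keep the missing-metakey case classified as a row. `get_field_data()` continues past the end of this hunk.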
@@ -389,7 +396,7 @@ class Site_Health {
}
private function get_member_directories() {
- $query = new \WP_Query();
+ $query = new WP_Query();
$member_directories = $query->query(
array(
'post_type' => 'um_directory',
@@ -1762,10 +1769,8 @@ class Site_Health {
),
)
);
- }
- if ( array_key_exists( '_um_login_redirect_url', $rolemeta ) && 'redirect_url' === $rolemeta['_um_login_redirect_url'] ) {
- if ( array_key_exists( '_um_pending_url', $rolemeta ) ) {
+ if ( 'redirect_url' === $rolemeta['_um_after_login'] && array_key_exists( '_um_login_redirect_url', $rolemeta ) ) {
$info[ 'ultimate-member-' . $key ]['fields'] = array_merge(
$info[ 'ultimate-member-' . $key ]['fields'],
array(
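Review bot: The rewritten condition reads `$rolemeta['_um_after_login']` without checking that the key exists, while it does guard `_um_login_redirect_url` with `array_key_exists()`; a role saved before that option was introduced would emit an undefined array key warning here. Suggest `if ( isset( $rolemeta['_um_after_login'] ) && 'redirect_url' === $rolemeta['_um_after_login'] && array_key_exists( '_um_login_redirect_url', $rolemeta ) )`, and the same guard for `_um_after_logout` and `_um_after_delete` in the two following hunks, which carry the identical pattern. The enclosing loop body begins before and ends after this hunk.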
@@ -1795,10 +1800,8 @@ class Site_Health {
),
)
);
- }
- if ( 'redirect_url' === $rolemeta['_um_after_logout'] ) {
- if ( array_key_exists( '_um_logout_redirect_url', $rolemeta ) ) {
+ if ( 'redirect_url' === $rolemeta['_um_after_logout'] && array_key_exists( '_um_logout_redirect_url', $rolemeta ) ) {
$info[ 'ultimate-member-' . $key ]['fields'] = array_merge(
$info[ 'ultimate-member-' . $key ]['fields'],
array(
@@ -1824,10 +1827,8 @@ class Site_Health {
),
)
);
- }
- if ( 'redirect_url' === $rolemeta['_um_after_delete'] ) {
- if ( array_key_exists( '_um_delete_redirect_url', $rolemeta ) ) {
+ if ( 'redirect_url' === $rolemeta['_um_after_delete'] && array_key_exists( '_um_delete_redirect_url', $rolemeta ) ) {
$info[ 'ultimate-member-' . $key ]['fields'] = array_merge(
$info[ 'ultimate-member-' . $key ]['fields'],
array(
@@ -1841,17 +1842,15 @@ class Site_Health {
}
if ( ! empty( $rolemeta['wp_capabilities'] ) ) {
- if ( array_key_exists( 'wp_capabilities', $rolemeta ) ) {
- $info[ 'ultimate-member-' . $key ]['fields'] = array_merge(
- $info[ 'ultimate-member-' . $key ]['fields'],
- array(
- 'um-wp_capabilities' => array(
- 'label' => __( 'WP Capabilities', 'ultimate-member' ),
- 'value' => $rolemeta['wp_capabilities'],
- ),
- )
- );
- }
+ $info[ 'ultimate-member-' . $key ]['fields'] = array_merge(
+ $info[ 'ultimate-member-' . $key ]['fields'],
+ array(
+ 'um-wp_capabilities' => array(
+ 'label' => __( 'WP Capabilities', 'ultimate-member' ),
+ 'value' => $rolemeta['wp_capabilities'],
+ ),
+ )
+ );
}
$info = apply_filters( 'um_debug_information_user_role', $info, $key );
@@ -2295,11 +2294,7 @@ class Site_Health {
)
);
} else {
- if ( isset( $options[ $field ] ) ) {
- $sortby_label = $options[ $field ];
- } else {
- $sortby_label = $field;
- }
+ $sortby_label = isset( $options[ $field ] ) ? $options[ $field ] : $field;
$info[ 'ultimate-member-directory-' . $key ]['fields'] = array_merge(
$info[ 'ultimate-member-directory-' . $key ]['fields'],
array(
diff --git a/includes/admin/core/class-admin-builder.php b/includes/admin/core/class-admin-builder.php
index e0b49050..2a433c9f 100644
--- a/includes/admin/core/class-admin-builder.php
+++ b/includes/admin/core/class-admin-builder.php
@@ -546,6 +546,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
+ user()->is_metakey_banned( $key ) || in_array( strtolower( $key ), UM()->builtin()->blacklist_fields, true ) ) { ?>
+
+
diff --git a/includes/core/class-builtin.php b/includes/core/class-builtin.php
index aa0fb5c0..08ea9bbd 100644
--- a/includes/core/class-builtin.php
+++ b/includes/core/class-builtin.php
@@ -34,6 +34,9 @@ if ( ! class_exists( 'um\core\Builtin' ) ) {
public $saved_fields = array();
/**
+ * Field keys that cannot be used as metakey when add new custom field to UM Form.
+ * Note: They are used both with function `UM()->user()->is_metakey_banned()` to avoid using unsecure metakeys.
+ *
* @var array
*/
public $blacklist_fields = array();
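Review bot: The added docblock sentence "They are used both with function `UM()->user()->is_metakey_banned()` to avoid using unsecure metakeys" is hard to parse and does not say where the two checks are combined. Suggest replacing the two added lines with `Meta keys that cannot be used as the metakey of a custom field in a UM Form.` and `Checked together with UM()->user()->is_metakey_banned(); see blacklist_field_err().`, keeping the `@var array` tag.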
@@ -183,7 +186,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) {
* @return int|string Empty or error string.
*/
public function blacklist_field_err( $key ) {
- if ( in_array( strtolower( $key ), $this->blacklist_fields, true ) || in_array( strtolower( $key ), UM()->user()->banned_keys, true ) ) {
+ if ( in_array( strtolower( $key ), $this->blacklist_fields, true ) || UM()->user()->is_metakey_banned( $key ) ) {
return __( 'Your meta key can not be used', 'ultimate-member' );
}
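Review bot: `blacklist_field_err()` now contains the canonical two-part check, yet the same expression is re-typed in class-site-health.php and class-admin-builder.php instead of being reused, so a future addition to either list has to be mirrored in three places. Consider extracting the condition into a public boolean helper on this class, e.g. `public function is_blacklisted_metakey( $key ) { return in_array( strtolower( $key ), $this->blacklist_fields, true ) || UM()->user()->is_metakey_banned( $key ); }`, and calling it from here and from both admin call sites. The docblock above this hunk advertises `@return int|string Empty or error string`, which is worth tightening to the actual return values once the helper exists. The rest of `blacklist_field_err()` lies outside this hunk.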
@@ -1426,6 +1429,9 @@ if ( ! class_exists( 'um\core\Builtin' ) ) {
public function set_blacklist_fields() {
$this->blacklist_fields = array(
'id',
+ 'role',
+ 'user_id',
+ 'user_pass',
);
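Review bot: Moving `role`, `user_id` and `user_pass` from `User::$banned_keys` into `$blacklist_fields` changes which list protects them, and the `/**` that follows this hunk suggests `$blacklist_fields` is passed through a filter; if a site filter replaces the array rather than appending to it, these security-sensitive keys lose their protection entirely, which was not possible while they lived in `banned_keys`. Either re-merge a fixed core set after the filter runs, or keep these three keys in `banned_keys` as well and let the duplicate match be harmless. The blacklist is also an exact lowercase match, so prefixed capability keys such as `{$wpdb->prefix}capabilities` are only covered if `is_metakey_banned()` handles them, which cannot be confirmed from this diff.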
/**
diff --git a/includes/core/class-user.php b/includes/core/class-user.php
index ea358262..f8d70584 100644
--- a/includes/core/class-user.php
+++ b/includes/core/class-user.php
@@ -93,9 +93,6 @@ if ( ! class_exists( 'um\core\User' ) ) {
$this->banned_keys = array(
'metabox',
- 'user_id',
- 'role',
- 'user_pass',
'postbox',
'meta-box',
'dismissed_wp_pointers',