Addressed CVE-2025-47691 by updating the dynamic blacklist logic using WordPress functions. Fixed bugs related to Action Scheduler, password reset functionality, and email change settings for user accounts, ensuring better role compatibility. Updated version to 2.10.4.
Added a mechanism to dynamically retrieve and merge updated WordPress function lists into the blacklist to prevent unsafe usage in dropdown options. Addresses a security issue (CVE-2025-47691) by using a JSON-based function source tied to WordPress versioning.
This update fixes issues related to handling empty user statuses, ensuring proper account status checks and admin notice resets. It also updates plugin assets, documentation, and test scripts to reflect the new version (2.10.4). Additional improvements include enhanced error logging for more reliable diagnostics.
Bump stable version and update tested WordPress compatibility. Includes Action Scheduler refactor, bug fixes for Member Directory styles and filtering, and a PHP Warning fix. Cached assets should be regenerated after updating.
Bump version references across the plugin files from 2.10.2 to 2.10.3. This includes updates to documentation, changelog placeholders, and blueprint download URLs to ensure consistency and preparation for the new release.
Introduced `maybe_init_wp_filesystem` for better WP_Filesystem initialization and added new utility methods like `remove_dir`. Improved cache handling and documentation annotations for several methods. These changes enhance file management and ensure smoother integration.
This release addresses a security vulnerability (CVE-2025-1702) and includes several bugfixes, such as honeypot script handling and activation link behavior. Users must flush cached assets (JS/CSS) after upgrading to ensure proper functionality. Upgrade immediately for improved security and stability.
Bump plugin version to 2.10.0, update documentation, and adjust URLs and metadata accordingly. This release includes increased minimum PHP and WordPress requirements and addresses security-related issues. Users are strongly advised to update immediately.
Raised minimum PHP version to 7.0 and finalized the plugin version to 2.9.3. Introduced a centralized user actions array and replaced 'manage_options' capability with 'edit_users' for better permission handling. Optimized the nonce actions extension method for cleaner code.
* reviewed #1619
* updated filters by status, avoid slow queries for getting users count;
* updated bulk-actions for changing statuses (moved to WP native dropdown)
* separate handlers for changing user statuses on wp-admin and frontend (partially implemented);
* created class UM()->common()->users() to handle user statuses in more clear format;
* deprecated old hooks and old functions
Mykyta Synelnikov