Adjusted dates for version 2.11.2 release and added details of a new JS filter for improved 3rd-party integration. This update includes enhancements like server-side validation for search forms and a new action hook for user approval after email validation.
Addressed several security issues including CVE-2025-15064 and CVE-2026-1404. Added server-side validation for forms and introduced hooks for email confirmation. Adjusted template handling, resolved mobile display issues, and updated Site Health debug information.
Resolved CVE-2025-15064 by deprecating HTML usage in user descriptions. Updated plugin version to 2.11.2 across files and documentation, ensuring users are informed and prompted to upgrade immediately.
Introduced 'Privacy Options' to control visibility of the Member Directory and a rate limiting feature for nopriv AJAX actions. Fixed multiple security issues (CVE-2025-13220, CVE-2025-13217, CVE-2025-14081, CVE-2025-12492) by improving attribute handling, input sanitization, and adding privacy settings. Updated templates include members.php, members-grid.php, and members-list.php.
Addressed a security vulnerability (CVE-2025-14081) and enhanced the logic for filtering fields based on user permissions. Made `filter_fields_by_attrs` a private function for improved encapsulation.
Resolved CVE-2025-13217 by implementing proper input sanitization and escaping for iframe URLs in YouTube, Vimeo, and Google Maps embeds. This update ensures safer handling of user-provided links to mitigate potential security vulnerabilities.
Addressed CVE-2025-13220 by implementing necessary fixes in the plugin's shortcodes and updating sanitization for shortcode attributes. Removed redundant compatibility checks for WordPress versions earlier than 5.4 and improved stability in the shortcode handling logic.
Bumped the Ultimate Member plugin version to 2.11.1 in multiple files, including improved metadata references (README, changelog, blueprint). Ensures consistency across documentation and assets for the updated release.
Enhanced the action hook 'um_after_profile_header_name' by including `$args` and `$user_id` parameters. Updated documentation and examples to reflect these changes, enabling more flexible and detailed customization options for developers.
Bump the plugin version from 2.10.7 to 2.11.0 in all relevant files, reflecting the latest release. This includes updates to documentation, metadata, changelogs, and file references to maintain consistency.
Updated the "Tested up to" WordPress version to 6.9 in the plugin readme file. Adjusted the release date for version 2.10.7 in both readme.txt and changelog.txt to reflect the correct December 2, 2025 date.
Refactor the subnav link class generation to use an array-based approach. This ensures better flexibility and readability while adding the "active" class conditionally when needed.
Introduced a 2nd `$args` parameter to the 'um_cover_area_content' action hook for greater flexibility. Also resolved PHP warnings related to roles without metadata to ensure smoother functionality.
Resolved conflicts in the image uploader caused by third-party lazy-loading attributes and improved emoji handling with a refined regex. Added an extra condition to license activation checks and updated the `Extensions_Updater` to utilize Action Scheduler for smoother extension upgrades.
Adjusted release dates in changelogs for multiple plugins to reflect updates on November 19, 2025. Added tweaks for integration with Social Activity wall and user mentions in relevant plugins.
This release includes enhancements such as transitioning the `Extensions_Updater` to use the Action Scheduler for smoother extension upgrades. Bug fixes address profile link issues in comments, improve emoji conversion with `emotize`, and correct label typos.
Aligned release dates in the readme and changelog files for version 2.10.6 to ensure consistency. This eliminates potential confusion regarding the plugin version history.
This release adds multiple enhancements, including WebP support, new filter hooks, license debugging, and improved extension upgrades. It also fixes issues like numeric field filtering, profile link handling, and dependencies with Action Scheduler. Cached assets should be regenerated post-upgrade.
Introduced new filter hooks for primary button classes in forms and improved URL handling for password resets and account activations. Deprecated several unused functions and replaced them with updated alternatives to streamline the codebase. Updated documentation and templates accordingly.
Added filter hooks for button classes and tweaked Site Health data logic for better 3rd-party integration. Fixed shortcode handling, email placeholder issues, and corrected naming inconsistencies like "North Macedonia."
Document enhancements, bug fixes, and template update for v2.10.5, including new filter hooks, email placeholder fixes, and Action Scheduler updates. Highlight required cache flush and asset regeneration post-update.
Addressed CVE-2025-47691 by updating the dynamic blacklist logic using WordPress functions. Fixed bugs related to Action Scheduler, password reset functionality, and email change settings for user accounts, ensuring better role compatibility. Updated version to 2.10.4.
Added new settings for registration management and improved Action Scheduler flexibility. Resolved issues with Member Directory styling, filtering, and email placeholders. Updated terminology and documentation; ensure cached assets are refreshed post-update.
This release addresses a critical security vulnerability (CVE-2025-1702) by improving query handling with `$wpdb->prepare()`. It also introduces new filesystem utility methods (`maybe_init_wp_filesystem`, `remove_dir`) and updates documentation accordingly. Users are strongly advised to update immediately.
This release addresses a security vulnerability (CVE-2025-1702) and includes several bugfixes, such as honeypot script handling and activation link behavior. Users must flush cached assets (JS/CSS) after upgrading to ensure proper functionality. Upgrade immediately for improved security and stability.
Corrected the release date for version 2.10.0 from February 17, 2025, to February 18, 2025, in both the changelog and readme files. No functional changes were made to the plugin.
Mykyta Synelnikov