Resolved CVE-2025-15064 by deprecating HTML usage in user descriptions. Updated plugin version to 2.11.2 across files and documentation, ensuring users are informed and prompted to upgrade immediately.
Introduced 'Privacy Options' to control visibility of the Member Directory and a rate limiting feature for nopriv AJAX actions. Fixed multiple security issues (CVE-2025-13220, CVE-2025-13217, CVE-2025-14081, CVE-2025-12492) by improving attribute handling, input sanitization, and adding privacy settings. Updated templates include members.php, members-grid.php, and members-list.php.
Bumped the Ultimate Member plugin version to 2.11.1 in multiple files, including improved metadata references (README, changelog, blueprint). Ensures consistency across documentation and assets for the updated release.
Bump the plugin version from 2.10.7 to 2.11.0 in all relevant files, reflecting the latest release. This includes updates to documentation, metadata, changelogs, and file references to maintain consistency.
This release includes enhancements such as transitioning the `Extensions_Updater` to use the Action Scheduler for smoother extension upgrades. Bug fixes address profile link issues in comments, improve emoji conversion with `emotize`, and correct label typos.
Introduced the `UM_UPDATER_DEBUG` constant to enable debugging for upgrade packages. This facilitates easier troubleshooting and testing during update processes.
Introduced a new method `is_license_debug_enabled` to check debug conditions and added extensive logging for license requests when debugging is enabled. A new constant `UM_LICENSE_REQUEST_DEBUG` was also defined to control debug mode. These changes enhance visibility into license request handling during development or troubleshooting.
Switch the plugin from the alpha version to the stable release. This ensures users have access to the finalized and tested version for production environments.
Bump version across plugin files and update references to reflect the new official release, 2.10.6. This ensures consistency in documentation and downloadable resources.
Bump plugin version to 2.10.5 and update stable tag in readme. Upgraded Action Scheduler dependency to version 3.9.2 to address library errors. Added filter hooks for primary button classes and improved deactivation logic for better scheduling handling.
Introduced a new `UM_Stripe_API` method in the `UM` class to extend functionality. Also added license metadata (GPLv3) and its URI in the plugin headers for better clarity and compliance.
Addressed CVE-2025-47691 by updating the dynamic blacklist logic using WordPress functions. Fixed bugs related to Action Scheduler, password reset functionality, and email change settings for user accounts, ensuring better role compatibility. Updated version to 2.10.4.
Added a mechanism to dynamically retrieve and merge updated WordPress function lists into the blacklist to prevent unsafe usage in dropdown options. Addresses a security issue (CVE-2025-47691) by using a JSON-based function source tied to WordPress versioning.
This update fixes issues related to handling empty user statuses, ensuring proper account status checks and admin notice resets. It also updates plugin assets, documentation, and test scripts to reflect the new version (2.10.4). Additional improvements include enhanced error logging for more reliable diagnostics.
Bump stable version and update tested WordPress compatibility. Includes Action Scheduler refactor, bug fixes for Member Directory styles and filtering, and a PHP Warning fix. Cached assets should be regenerated after updating.
Bump version references across the plugin files from 2.10.2 to 2.10.3. This includes updates to documentation, changelog placeholders, and blueprint download URLs to ensure consistency and preparation for the new release.
Introduced `maybe_init_wp_filesystem` for better WP_Filesystem initialization and added new utility methods like `remove_dir`. Improved cache handling and documentation annotations for several methods. These changes enhance file management and ensure smoother integration.
This release addresses a security vulnerability (CVE-2025-1702) and includes several bugfixes, such as honeypot script handling and activation link behavior. Users must flush cached assets (JS/CSS) after upgrading to ensure proper functionality. Upgrade immediately for improved security and stability.
Bump plugin version to 2.10.0, update documentation, and adjust URLs and metadata accordingly. This release includes increased minimum PHP and WordPress requirements and addresses security-related issues. Users are strongly advised to update immediately.
Raised minimum PHP version to 7.0 and finalized the plugin version to 2.9.3. Introduced a centralized user actions array and replaced 'manage_options' capability with 'edit_users' for better permission handling. Optimized the nonce actions extension method for cleaner code.
* reviewed #1619;
* updated filters by status, avoiding slow queries for getting the users count;
* updated bulk-actions for changing statuses (moved to WP native dropdown);
* separate handlers for changing user statuses on wp-admin and frontend (partially implemented);
* created class UM()->common()->users() to handle user statuses in a clearer format;
* deprecated old hooks and old functions.