Added a condition to initialize UM_Member_Grid only when the directory has the 'um-members-grid' class. This avoids unintended initialization and ensures proper functionality.
Updated the Action Scheduler implementation to improve flexibility and clarity. Replaced the 'enable_action_scheduler' option with 'enable_as_email_sending' for better specificity. Introduced hook-based checks to selectively enable email scheduling, ensuring compatibility and optimized performance.
Added comments to clarify the usage of meta keys introduced in WooCommerce 9.1.0 and marked TODOs for future cleanup. Also included a legacy key, `_money_spent`, for backward compatibility with WooCommerce versions below 9.1.0.
Bump version references across the plugin files from 2.10.2 to 2.10.3. This includes updates to documentation, changelog placeholders, and blueprint download URLs to ensure consistency and preparation for the new release.
This release addresses a critical security vulnerability (CVE-2025-1702) by improving query handling with `$wpdb->prepare()`. It also introduces new filesystem utility methods (`maybe_init_wp_filesystem`, `remove_dir`) and updates documentation accordingly. Users are strongly advised to update immediately.
Improved code readability by consolidating and consistently ignoring nonce verification warnings where it has already been verified. This simplifies the logic and ensures clearer handling of `$_POST` variables in the member directory search functionality.
Ensure proper validation for `directory_id` when processing search queries. Default include and exclude fields are applied if `directory_id` is absent, preserving functionality and preventing errors.
Replaced deprecated and complex search query methods with a more streamlined and flexible implementation. Introduced improved handling of core and custom search fields, optimized search logic, and added better filter support. Incremented plugin version to 2.10.2 to reflect these changes.
Introduced `maybe_init_wp_filesystem` for better WP_Filesystem initialization and added new utility methods like `remove_dir`. Improved cache handling and documentation annotations for several methods. These changes enhance file management and ensure smoother integration.
Simplified the regex patterns for detecting and preventing `sleep` and `benchmark` injections. This improves the accuracy and maintainability of the security checks in the member directory code.
Updated regular expressions to strengthen protection against sleep and benchmark injection attacks. This change improves the security of queries by handling potential edge cases more effectively.
This release addresses a security vulnerability (CVE-2025-1702) and includes several bugfixes, such as honeypot script handling and activation link behavior. Users must flush cached assets (JS/CSS) after upgrading to ensure proper functionality. Upgrade immediately for improved security and stability.
Improved readability and clarity of the email activation process by updating comments and restructuring conditional checks. Added hooks and filters for better customization, including redirect URL filtering. Replaced `wp_redirect` with `um_safe_redirect` for safer redirection handling.
Replaced \WP_User_Query with correctly imported WP_User_Query to ensure proper namespace handling. Added a new regex pattern to block sleep injections, enhancing security within the member directory query validation.
Simplified Gravatar image logic and improved code readability by restructuring the image processing flow. Removed redundant variable initialization and adjusted handling of `$image_info`. This ensures cleaner, more maintainable code while preserving existing functionality.
Removed unnecessary condition checks around honeypot script and style injection. Streamlined the code to always enqueue the honeypot logic, improving maintainability and reducing complexity.
Corrected the release date for version 2.10.0 from February 17, 2025, to February 18, 2025, in both the changelog and readme files. No functional changes were made to the plugin.
Bump plugin version to 2.10.0, update documentation, and adjust URLs and metadata accordingly. This release includes increased minimum PHP and WordPress requirements and addresses security-related issues. Users are strongly advised to update immediately.
Added separate buttons for 'Live Preview Screen' and 'Live Preview Mobile' in the form builder for better user experience. Updated coding standards for consistency, including proper handling of PHP tags and escaping functions. These changes improve readability, maintainability, and enhance functionality.
Issue #1646
Adjusted spacing for better code readability and consistency in the query arguments within the class-actions-listener.php file. This change ensures the code aligns with coding standards without affecting functionality.
Raised minimum PHP version to 7.0 and finalized the plugin version to 2.9.3. Introduced a centralized user actions array and replaced 'manage_options' capability with 'edit_users' for better permission handling. Optimized the nonce actions extension method for cleaner code.
* reviewed #1619
Streamlined PHP logic and variable handling to enhance readability and maintainability. Consolidated duplicated code, ensuring cleaner output for privacy policy content and error management within the Ultimate Member plugin.
Mykyta Synelnikov