Addressed CVE-2025-47691 by updating the dynamic blacklist logic using WordPress functions. Fixed bugs related to Action Scheduler, password reset functionality, and email change settings for user accounts, ensuring better role compatibility. Updated version to 2.10.4.
Simplified conditional checks for password and account form submissions by replacing `isset` with `!empty` where applicable. This improves readability and reduces redundancy while maintaining functionality and security. Added comments to clarify nonce verification status.
Simplified conditional checks for password and account form submissions by replacing `isset` with `!empty` where applicable. This improves readability and reduces redundancy while maintaining functionality and security. Added comments to clarify nonce verification status.
Added a mechanism to dynamically retrieve and merge updated WordPress function lists into the blacklist to prevent unsafe usage in dropdown options. Addresses a security issue (CVE-2025-47691) by using a JSON-based function source tied to WordPress versioning.
This update fixes issues related to handling empty user statuses, ensuring proper account status checks and admin notice resets. It also updates plugin assets, documentation, and test scripts to reflect the new version (2.10.4). Additional improvements include enhanced error logging for more reliable diagnostics.
Introduce fields for "Ignore User Role Registration Options" and re-add "Email sending by Action Scheduler" under the Site Health settings. This improves the clarity and organization of user options in the admin interface.
Added new settings for registration management and improved Action Scheduler flexibility. Resolved issues with Member Directory styling, filtering, and email placeholders. Updated terminology and documentation; ensure cached assets are refreshed post-update.
Added optional parameter to `reset_url` for user-specific handling. Updated email dispatch logic to include dynamic generation of the password reset link with proper placeholder replacements.
Ensure proper handling of user data in password reset functions by adding checks and updating parameter handling. Introduce a new filter to extend site health information and include a setting for enabling email sending via Action Scheduler. Improve code clarity with updated comments and function annotations.
Enhanced the `compare_versions` method to include a new `$raw` parameter for conditional handling. Improved readability, added additional checks, and updated translator comments to ensure compatibility and clear messaging.
Update country name from "Turkey" to "Türkiye"
Replaced the outdated reference to "Turkey" with "Türkiye" in the Ultimate Member plugin's built-in country list. This aligns with the country's preferred naming convention.
This update enhances security by introducing checks for banned and blacklisted meta keys in custom fields. It includes CSS updates for admin builder styles and ensures banned fields are flagged accurately in the site health tool.
Updated the user meta key from `um_registration_in_progress` to `_um_registration_in_progress` across multiple files for consistency and proper functionality. This change ensures accurate checking and handling of users in the registration process.
Introduced a new batch process to handle users lacking an `account_status` meta efficiently. Refactored legacy methods, added async scheduling, and created helper functions to manage and track progress. These changes improve performance and reliability for large user bases.
The WP_User_Query import was removed as it is not used in the code. This helps to clean up unnecessary code and improve maintainability. No functionality is affected by this change.
Introduce a new `Users` class to handle scheduled tasks for user status checks and batch processing. Refactor user approval functionality to allow silent operations and avoid sending notifications where unnecessary. Enhance user registration to prevent unfinished registrations from being processed in scheduled checks.
Introduced a setting to bypass "User Role > Registration Options" for auto-approving users created via wp-admin. Also adjusted admin email notifications to prevent alerts for user registrations made through wp-admin.
Updated the setting name across relevant files to improve clarity and better reflect its functionality. Adjusted related logic to ensure consistent behavior with the new naming.
Updated the registration process to avoid sending notifications for admin-created users. Simplified and clarified user status handling, ensuring consistent behavior across frontend and admin actions.
Bump stable version and update tested WordPress compatibility. Includes Action Scheduler refactor, bug fixes for Member Directory styles and filtering, and a PHP Warning fix. Cached assets should be regenerated after updating.
Added a condition to initialize UM_Member_Grid only when the directory has the 'um-members-grid' class. This avoids unintended initialization and ensures proper functionality.
Updated the Action Scheduler implementation to improve flexibility and clarity. Replaced the 'enable_action_scheduler' option with 'enable_as_email_sending' for better specificity. Introduced hook-based checks to selectively enable email scheduling, ensuring compatibility and optimized performance.
Added comments to clarify the usage of meta keys introduced in WooCommerce 9.1.0 and marked TODOs for future cleanup. Also included a legacy key, `_money_spent`, for backward compatibility with WooCommerce versions below 9.1.0.
Bump version references across the plugin files from 2.10.2 to 2.10.3. This includes updates to documentation, changelog placeholders, and blueprint download URLs to ensure consistency and preparation for the new release.
Mykyta Synelnikov