Addressed CVE-2025-13220 by implementing necessary fixes in the plugin's shortcodes and updating sanitization for shortcode attributes. Removed redundant compatibility checks for WordPress versions earlier than 5.4 and improved stability in the shortcode handling logic.
Enhanced the action hook 'um_after_profile_header_name' by including `$args` and `$user_id` parameters. Updated documentation and examples to reflect these changes, enabling more flexible and detailed customization options for developers.
Bump the required version of the 'groups' dependency from 2.4.2 to 2.5.0. This ensures compatibility with the latest features and fixes provided by the updated version.
Bump the plugin version from 2.10.7 to 2.11.0 in all relevant files, reflecting the latest release. This includes updates to documentation, metadata, changelogs, and file references to maintain consistency.
Refactor the subnav link class generation to use an array-based approach. This ensures better flexibility and readability while adding the "active" class conditionally when needed.
Updated the `um_cover_area_content` hook to pass an additional `$args` parameter for enhanced customization in the user profile cover wrapper. Improved the documentation for clarity and usability.
Downgraded the 'groups' dependency from 2.5.0 to 2.4.2 to address compatibility issues. This ensures proper functionality with the current plugin setup.
Ensure `get_option` returns an empty array as a fallback to prevent errors when metadata for a role does not exist. This resolves potential issues with undefined or unexpected data during role editing.
Enhanced the handling of wall posts and comments in both Activity and Groups modules. Updated Groups plugin to version 2.5.0, requiring UM Core 2.10.7. Adjusted dependency versions and changelogs to match the latest updates.
Bumps required plugin version dependencies for compatibility. Refactors the `emotize` method by adding a `$stripslashes` parameter to provide optional handling of string slashes, improving flexibility and functionality.
Bump version to 2.6.2, updating dependency requirements for UM core to 2.10.7. Integrated extensions updater and polished compatibility with Action Scheduler. Minor code formatting adjustments for better readability.
Introduced the `UM_UPDATER_DEBUG` constant to enable debugging for upgrade packages. This facilitates easier troubleshooting and testing during update processes.
Updated the `package_start` method to define separate hooks for 'start' and 'complete' package lifecycle events. This improves code clarity and prepares the updater for handling more specific actions in the future.
Introduced batch processing for extension updates with package start and complete hooks, preventing duplicate actions via transient flags. Added constants for configuration and helper methods to manage package version state effectively. Ensures smoother upgrade handling for Ultimate Member extensions.
Previously, requests on license validation did not adequately handle empty responses or WP errors. This update ensures retries are performed with `sslverify=true` in such cases and enhances debug logging to provide clearer error details for troubleshooting.
Previously, the profile URL was returned even when the user ID was empty. This change ensures the URL is only generated if the user ID is present, preventing potential errors.
Previously, the method assumed the comment object was always present, which could lead to errors. Added a null check to ensure a fallback to the original URL if the comment object is absent.
This release adds multiple enhancements, including WebP support, new filter hooks, license debugging, and improved extension upgrades. It also fixes issues like numeric field filtering, profile link handling, and dependencies with Action Scheduler. Cached assets should be regenerated post-upgrade.
Introduced a new method `is_license_debug_enabled` to check debug conditions and added extensive logging for license requests when debugging is enabled. A new constant `UM_LICENSE_REQUEST_DEBUG` was also defined to control debug mode. These changes enhance visibility into license request handling during development or troubleshooting.
New dependencies `ai-assistant` and `ai-moderation` were added to the Ultimate Member plugin. This ensures support for these features, expanding the plugin's capabilities.
Updated logic to handle the 'predefined' field flag when determining default page creation. This ensures buttons for creating default pages only appear under the correct conditions, improving reliability and consistency.
This update modifies the AJAX request in `forms.js` by including the field ID in the data payload. This improvement enables more precise handling of form fields in the Ultimate Member plugin's admin interface.
Standardized indentation across the allowed HTML keys to improve readability and maintain consistency in the codebase. This change ensures better alignment, making it easier to navigate and understand the structure."
Introduce `um_post_is_predefined_page` to determine if a given post ID corresponds to a predefined page. This enhances functionality by allowing checks against predefined page slugs mapped in the plugin configuration.
Introduced 'sanitize_array_key_int' and 'sanitize_array_key' cases to enhance sanitization of array-based input in admin settings. This ensures default values are used for invalid keys and enforces stricter validation for cleaner and more secure input handling.
Improved logic to handle cases where the cover image size array is invalid or empty by adding a fallback default size. For mobile devices, the second size is used if available, or the first size is used as a fallback. This ensures proper cover size selection and prevents potential errors.
Ensure 'start_of_week' option is validated as numeric to prevent incorrect calculations. This fixes potential issues when non-numeric values are stored in the option.
Introduced the `um_get_empty_status_users_query_result` filter to allow customization of the query used for fetching users with empty statuses. This enhances flexibility and enables optimization for different website setups. Updated relevant documentation in the readme file.
Refactored methods to change user profile edit and comment author URL logic, ensuring compatibility with Ultimate Member plugin's structure. Updated readme file to reflect changes and fixed bugs related to profile link display in the comments section.
Prevent caching on mobile devices for login, register, and account pages in Ultimate Member. This ensures updated content is always displayed and avoids caching-related issues on these critical pages.
Introduced a new `Extensions_Updater` class to manage extension update processes, including version checks and file execution. Added a corresponding `extension_updater` method in `class-admin.php` to initialize and manage updater instances based on provided data.
Previously, empty `meta_value` entries were included in the query, potentially causing inaccurate results. This update adds a condition to exclude empty `meta_value` entries, ensuring more reliable directory filtering.
Updated the condition to ensure proper validation for secondary email fields. This change ensures unique email addresses and prevents potential conflicts in user data.
Updated conditions to handle empty and invalid email input more accurately. Ensures required emails are not skipped and includes stricter checks for existing or incorrect emails.
Introduced new filter hooks for primary button classes in forms and improved URL handling for password resets and account activations. Deprecated several unused functions and replaced them with updated alternatives to streamline the codebase. Updated documentation and templates accordingly.
Updated the user ID comparison logic in the Ultimate Member plugin to use `absint` for both values. This prevents type mismatches and ensures robust validation during form submission.
Added `strip_shortcodes` across various sanitization routines to ensure user inputs do not execute shortcodes. This enhances security by blocking unintended shortcode processing in fields such as text, email, URLs, and form descriptions.
Mykyta Synelnikov