thanks to dear member @chavez updated Ultimate Member Core Plugin with a new update entry:
JULY 1, 2023
Read the rest of this update entry...
JULY 1, 2023
Read the rest of this update entry...
- Bugfixes:
- Fixed: A privilege escalation vulnerability used through UM Forms. Known in the wild that vulnerability allowed strangers to create administrator-level WordPress users. Please update immediately and check all administrator-level users on your website.
- Fixed: Displaying fields on Account page > Privacy > Member directory settings
- Fixed: Allowed types for the file field
- Fixed: Disabled weekdays for the datepicker field
- Fixed: Empty mail From data when there isn't set an option
- Fixed: Nonce validation for the admin actions handler
- Fixed: REST API endpoint List Pages redirecting to the homepage
- Fixed: Standardize the 'editable' attribute for the UM fields and hooks that can extend these fields
- Fixed: Redirection from default WordPress registration to UM registration page (if it's not a published)
* Enhancements:
- Added: Site Health sections
- Added: oEmbed field type
- Added: YouTube field type supports YouTube Shorts links
- Added: Profile permalink base options: Unique hash, Custom usermeta
- Added: UM Form meta `um_form_version` for legacy support in the future
- Added: Setting "Deleting user comments after deleting a user" for WordPress native logic workaround
- Added: `aria-invalid` and `aria-errormessage` attributes to the fields on UM Forms
- Updated...
* Enhancements:
- Updated: Twitter texts to X
- Added: Safeguards against clickjacking attacks on UM Forms
* Bugfixes:
- Fixed: Displaying notice to avoid using wrong symbols
- Fixed: UM > Settings button styles
- Fixed: Error notice when creating page via extensions
- Fixed: Workaround for Cropper.JS if UM.frontend.cropper.obj undefined (Cropper hasn't been properly inited for UM objects)
- Fixed: The visibility of sub-items of hidden menu items
* Enhancements:
- Added: The `data` protocol for embedding base64 encoded logos in emails
- Added: Hook `um_access_restricted_post_instance` for filtering the restricted post instance
- Added: Shortcode `[um_author_profile_link]` for getting user Profile URL
- Updated: Using underscore.js native debounce method for resize handler
- Updated: Texts spelling
* Bugfixes:
- Fixed: AJAX requests conflict with `um_current_locale` attribute
- Fixed: Pickadate styling (Date & Time...
**Enhancements**
* Tweak: Added separate file for full changelog. readme.txt shows only a few latest versions
**Bugfixes**
* Fixed: Member directory data sanitizing (CVE-2024-2123)
* Fixed: Activation link time changed from seconds to days
* Fixed: Password validation error
* Fixed: Password reset url for the approved user who didn't set their password after registration without password
* Fixed: Conflict with WebP Uploads
* Enhancements:
- Added: Member Directory > Admin Filtering supports datepicker and timepicker filter-types with only "From" or "To" filled value
- Added: Ability to customize modal templates upload-single.php and view-photo.php
- Added: New FontAwesome library. Version 6.5.2
* Bugfixes:
- Fixed: Using HTML in the block restriction message. Replaced escaper to wp_kses sanitize while saving
- Fixed: Getting user capabilities without role
- Fixed: YouTube validation when field...
Enhancements:
- Added: Single user actions on WP Users list table
- Updated: User status filter on WP Users list table
- Updated: User bulk actions on WP Users list table
- Updated: User actions on User Profile and Member Directory card
- Added: Applying shortcodes in the post restriction message
- Added: ProfilePage Structured Data
- Added: Ability to use HTML tags (allowed in `wp_kses_post`) in the global block restriction message
- Changed: Some wp-admin fields...
* Bugfixes:
- Fixed: Download routing initialization
- Fixed: Textarea height and HTML formatted textarea field height isolated via `<iframe>` on view mode
- Fixed: User registration if email activation or admin review are required
- Fixed: First installation errors
* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade