* fixed CVE-2024-12276;

* reviewed using $wpdb and WPCS;
* set minimum required version to 6.2 due to using %i for $wpdb->prepare;
This commit is contained in:
Mykyta Synelnikov
2025-02-03 16:17:37 +02:00
parent 26c8aa21e1
commit 4adbe19cbe
19 changed files with 249 additions and 194 deletions
+10 -6
View File
@@ -170,12 +170,16 @@ if ( ! class_exists( 'um\admin\core\Admin_GDPR' ) ) {
function get_metadata( $user_id ) {
global $wpdb;
$metadata = $wpdb->get_results( $wpdb->prepare(
"SELECT meta_key, meta_value
FROM {$wpdb->usermeta}
WHERE user_id = %d",
$user_id
), ARRAY_A );
$metadata = $wpdb->get_results(
$wpdb->prepare(
"SELECT meta_key,
meta_value
FROM {$wpdb->usermeta}
WHERE user_id = %d",
$user_id
),
ARRAY_A
);
$filtered = array();
foreach ( $metadata as $data ) {
+26 -2
View File
@@ -1177,7 +1177,19 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
$where = array( 'ID' => $post_id );
// translators: %s: Directory id.
$_POST['post_title'] = sprintf( __( 'Directory #%s', 'ultimate-member' ), $post_id );
$wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( wp_unslash( $_POST['post_title'] ) ) ), $where );
$wpdb->update(
$wpdb->posts,
array(
'post_title' => sanitize_text_field( wp_unslash( $_POST['post_title'] ) ),
),
$where,
array(
'%s',
),
array(
'%d',
)
);
}
do_action( 'um_before_member_directory_save', $post_id );
@@ -1275,7 +1287,19 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
$where = array( 'ID' => $post_id );
// translators: %s: Form id.
$_POST['post_title'] = sprintf( __( 'Form #%s', 'ultimate-member' ), $post_id );
$wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( wp_unslash( $_POST['post_title'] ) ) ), $where );
$wpdb->update(
$wpdb->posts,
array(
'post_title' => sanitize_text_field( wp_unslash( $_POST['post_title'] ) ),
),
$where,
array(
'%s',
),
array(
'%d',
)
);
}
// save
@@ -55,15 +55,18 @@ if ( ! empty( $um_roles ) ) {
$role_keys[] = $role_key;
}
$all_role_metadata = $wpdb->get_results( $wpdb->prepare(
"SELECT pm.meta_key,
pm.meta_value
FROM {$wpdb->postmeta} pm
WHERE pm.post_id = %d AND
pm.meta_key LIKE %s",
$um_role->ID,
"_um_%"
), ARRAY_A );
$all_role_metadata = $wpdb->get_results(
$wpdb->prepare(
"SELECT pm.meta_key,
pm.meta_value
FROM {$wpdb->postmeta} pm
WHERE pm.post_id = %d AND
pm.meta_key LIKE %s",
$um_role->ID,
"_um_%"
),
ARRAY_A
);
$role_metadata = array();
if ( ! empty( $all_role_metadata ) ) {
@@ -160,4 +163,4 @@ if ( version_compare( $wp_version, '4.9', '<' ) ) {
//temporary option
update_option( 'um_roles_associations', $roles_associations );
update_option( 'um_roles_associations', $roles_associations );
@@ -10,7 +10,8 @@ if ( ! empty( $postmeta ) ) {
update_post_meta( $row['post_id'], '_um_hide_pm_button', $value );
}
$wpdb->delete( "{$wpdb->postmeta}",
$wpdb->delete(
$wpdb->postmeta,
array(
'meta_value' => '_um_show_pm_button',
),
@@ -185,4 +186,4 @@ if ( ! empty( $groups ) && ! is_wp_error( $groups ) ) {
}
}
}
}
}
@@ -1,18 +1,22 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit;
<?php
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
global $wpdb;
$wpdb->update( "{$wpdb->usermeta}",
$wpdb->update(
$wpdb->usermeta,
array(
'meta_value' => serialize( array() ),
'meta_value' => serialize( array() ),
),
array(
'meta_key' => 'um_account_secure_fields',
'meta_key' => 'um_account_secure_fields',
),
array(
'%s'
'%s',
),
array(
'%s'
'%s',
)
);
);
@@ -28,29 +28,35 @@ function um_upgrade_metadata_per_user213beta3() {
global $wpdb;
$min_max = $wpdb->get_row( $wpdb->prepare(
"SELECT MIN(ID) AS MinID, MAX(ID) AS MaxID
FROM (
SELECT u.ID
FROM {$wpdb->users} as u
ORDER BY u.ID
LIMIT %d, %d
) as dt",
( absint( $_POST['page'] ) - 1 ) * $per_page,
$per_page
), ARRAY_A );
$min_max = $wpdb->get_row(
$wpdb->prepare(
"SELECT MIN(ID) AS MinID, MAX(ID) AS MaxID
FROM (
SELECT u.ID
FROM {$wpdb->users} as u
ORDER BY u.ID
LIMIT %d, %d
) as dt",
( absint( $_POST['page'] ) - 1 ) * $per_page,
$per_page
),
ARRAY_A
);
$metadata = $wpdb->get_results( $wpdb->prepare(
"SELECT u.ID as user_id,
um.meta_key as meta_key,
um.meta_value as meta_value
FROM {$wpdb->users} u
LEFT JOIN {$wpdb->usermeta} um ON ( um.user_id = u.ID AND um.meta_key IN( 'account_status','hide_in_members','synced_gravatar_hashed_id','synced_profile_photo','profile_photo','cover_photo','_um_verified' ) )
WHERE u.ID >= %d AND
u.ID <= %d",
$min_max['MinID'],
$min_max['MaxID']
), ARRAY_A );
$metadata = $wpdb->get_results(
$wpdb->prepare(
"SELECT u.ID as user_id,
um.meta_key as meta_key,
um.meta_value as meta_value
FROM {$wpdb->users} u
LEFT JOIN {$wpdb->usermeta} um ON ( um.user_id = u.ID AND um.meta_key IN( 'account_status','hide_in_members','synced_gravatar_hashed_id','synced_profile_photo','profile_photo','cover_photo','_um_verified' ) )
WHERE u.ID >= %d AND
u.ID <= %d",
$min_max['MinID'],
$min_max['MaxID']
),
ARRAY_A
);
$users_map = array();
foreach ( $metadata as $metadatarow ) {
+6 -6
View File
@@ -14,9 +14,9 @@ function um_upgrade_usermeta_count280() {
"SELECT COUNT(*)
FROM {$wpdb->usermeta}
WHERE meta_key = 'use_gdpr_agreement' OR
meta_key = 'um_user_blocked__timestamp' OR
meta_key = '_um_last_login' OR
meta_key = 'submitted'"
meta_key = 'um_user_blocked__timestamp' OR
meta_key = '_um_last_login' OR
meta_key = 'submitted'"
);
wp_send_json_success( array( 'count' => $count ) );
@@ -40,9 +40,9 @@ function um_upgrade_metadata_per_user280() {
"SELECT *
FROM {$wpdb->usermeta}
WHERE meta_key = 'use_gdpr_agreement' OR
meta_key = 'um_user_blocked__timestamp' OR
meta_key = '_um_last_login' OR
meta_key = 'submitted'
meta_key = 'um_user_blocked__timestamp' OR
meta_key = '_um_last_login' OR
meta_key = 'submitted'
LIMIT %d, %d",
( absint( $_POST['page'] ) - 1 ) * $per_page,
$per_page
+14 -13
View File
@@ -969,13 +969,15 @@ if ( ! class_exists( 'um\core\Access' ) ) {
$restricted_posts = array_unique( $restricted_posts );
foreach ( $restricted_posts as $k => $post_type ) {
if ( 'closed' === get_default_comment_status( $post_type ) ) {
$open_comments = $wpdb->get_var( $wpdb->prepare(
"SELECT ID
FROM {$wpdb->posts}
WHERE post_type = %s AND
comment_status != 'closed'",
$post_type
) );
$open_comments = $wpdb->get_var(
$wpdb->prepare(
"SELECT ID
FROM {$wpdb->posts}
WHERE post_type = %s AND
comment_status != 'closed'",
$post_type
)
);
if ( empty( $open_comments ) ) {
unset( $restricted_posts[ $k ] );
@@ -1070,12 +1072,11 @@ if ( ! class_exists( 'um\core\Access' ) ) {
}
$totals = (array) $wpdb->get_results(
"
SELECT comment_approved, COUNT( * ) AS total
FROM {$wpdb->comments}
{$where}
GROUP BY comment_approved
",
"SELECT comment_approved,
COUNT(*) AS total
FROM {$wpdb->comments}
{$where}
GROUP BY comment_approved",
ARRAY_A
);
@@ -169,7 +169,7 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
"SELECT umeta_id
FROM {$wpdb->prefix}um_metadata
WHERE user_id = %d AND
um_key = %s
um_key = %s
LIMIT 1",
$object_id,
$meta_key
+22 -31
View File
@@ -969,14 +969,17 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
default: {
$meta = $wpdb->get_row( $wpdb->prepare(
"SELECT MIN( CONVERT( meta_value, DECIMAL ) ) as min_meta,
MAX( CONVERT( meta_value, DECIMAL ) ) as max_meta,
COUNT( DISTINCT meta_value ) as amount
FROM {$wpdb->usermeta}
WHERE meta_key = %s",
$filter
), ARRAY_A );
$meta = $wpdb->get_row(
$wpdb->prepare(
"SELECT MIN( CONVERT( meta_value, DECIMAL ) ) as min_meta,
MAX( CONVERT( meta_value, DECIMAL ) ) as max_meta,
COUNT( DISTINCT meta_value ) as amount
FROM {$wpdb->usermeta}
WHERE meta_key = %s",
$filter
),
ARRAY_A
);
if ( isset( $meta['min_meta'] ) && isset( $meta['max_meta'] ) && isset( $meta['amount'] ) && $meta['amount'] > 1 ) {
$range = array( (float) $meta['min_meta'], (float) $meta['max_meta'] );
@@ -988,24 +991,6 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
break;
}
case 'birth_date': {
// $meta = $wpdb->get_col(
// "SELECT meta_value
// FROM {$wpdb->usermeta}
// WHERE meta_key = 'birth_date' AND
// meta_value != ''"
// );
//
// if ( empty( $meta ) || count( $meta ) < 2 ) {
// $range = false;
// } elseif ( is_array( $meta ) ) {
// $birth_dates = array_filter( array_map( 'strtotime', $meta ), 'is_numeric' );
// sort( $birth_dates );
// $min_meta = array_shift( $birth_dates );
// $max_meta = array_pop( $birth_dates );
// $range = array( $this->borndate( $max_meta ), $this->borndate( $min_meta ) );
// }
$meta = $wpdb->get_row(
"SELECT MIN( meta_value ) as min_meta,
MAX( meta_value ) as max_meta,
@@ -1013,7 +998,8 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
FROM {$wpdb->usermeta}
WHERE meta_key = 'birth_date' AND
meta_value != ''",
ARRAY_A );
ARRAY_A
);
if ( isset( $meta['min_meta'] ) && isset( $meta['max_meta'] ) && isset( $meta['amount'] ) && $meta['amount'] > 1 ) {
$range = array( $this->borndate( strtotime( $meta['max_meta'] ) ), $this->borndate( strtotime( $meta['min_meta'] ) ) );
@@ -1082,10 +1068,15 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
switch ( $filter ) {
default:
global $wpdb;
$meta = $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT meta_value
FROM {$wpdb->usermeta}
WHERE meta_key = %s
ORDER BY meta_value DESC", $filter ) );
$meta = $wpdb->get_col(
$wpdb->prepare(
"SELECT DISTINCT meta_value
FROM {$wpdb->usermeta}
WHERE meta_key = %s
ORDER BY meta_value DESC",
$filter
)
);
if ( empty( $meta ) || count( $meta ) === 1 ) {
$range = false;
+3 -4
View File
@@ -89,13 +89,12 @@ if ( ! class_exists( 'um\core\Query' ) ) {
"SELECT *
FROM {$wpdb->posts}
WHERE post_type = 'page' AND
post_status = 'publish'",
OBJECT
post_status = 'publish'"
);
$array = array();
if( $wpdb->num_rows > 0 ){
foreach ($pages as $page_data) {
if ( $wpdb->num_rows > 0 ) {
foreach ( $pages as $page_data ) {
$array[ $page_data->ID ] = $page_data->post_title;
}
}
+12 -5
View File
@@ -1379,16 +1379,23 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
foreach ( $files as $file ) {
$str = basename( $file );
if ( strstr( $str, 'profile_photo' ) || strstr( $str, 'cover_photo' ) || preg_grep( '/' . $str . '/', $_array ) ) {
if ( false !== strpos( $str, 'profile_photo' ) || false !== strpos( $str, 'cover_photo' ) || preg_grep( '/' . $str . '/', $_array ) ) {
continue;
}
// Don't delete photo that belongs to the Social Activity post or Groups post
if ( strstr( $str, 'stream_photo' ) ) {
if ( false !== strpos( $str, 'stream_photo' ) ) {
global $wpdb;
$is_post_image = $wpdb->get_var( "
SELECT COUNT(*) FROM {$wpdb->postmeta}
WHERE `meta_key`='_photo' AND `meta_value`='{$str}';" );
$is_post_image = $wpdb->get_var(
$wpdb->prepare(
"SELECT COUNT(*)
FROM {$wpdb->postmeta}
WHERE meta_key = '_photo' AND
meta_value = %s",
$str
)
);
if ( $is_post_image ) {
continue;
}
+9 -1
View File
@@ -211,7 +211,15 @@ if ( ! class_exists( 'um\core\User_posts' ) ) {
return 0;
}
$count = $wpdb->get_var("SELECT COUNT(comment_ID) FROM " . $wpdb->comments. " WHERE user_id = " . $user_id . " AND comment_approved = '1'");
$count = $wpdb->get_var(
$wpdb->prepare(
"SELECT COUNT(comment_ID)
FROM {$wpdb->comments}
WHERE user_id = %d AND
comment_approved = '1'",
$user_id
)
);
return $this->pretty_number_formatting( $count );
}
+10 -8
View File
@@ -110,14 +110,16 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) {
$user = get_transient( md5( 'um_api_user_' . $key ) );
if ( false === $user ) {
$user = $wpdb->get_var( $wpdb->prepare(
"SELECT user_id
FROM $wpdb->usermeta
WHERE meta_key = 'um_user_public_key' AND
meta_value = %s
LIMIT 1",
$key
) );
$user = $wpdb->get_var(
$wpdb->prepare(
"SELECT user_id
FROM $wpdb->usermeta
WHERE meta_key = 'um_user_public_key' AND
meta_value = %s
LIMIT 1",
$key
)
);
set_transient( md5( 'um_api_user_' . $key ) , $user, DAY_IN_SECONDS );
}
+10 -8
View File
@@ -109,14 +109,16 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) {
$user = get_transient( md5( 'um_api_user_' . $key ) );
if ( false === $user ) {
$user = $wpdb->get_var( $wpdb->prepare(
"SELECT user_id
FROM $wpdb->usermeta
WHERE meta_key = 'um_user_public_key' AND
meta_value = %s
LIMIT 1",
$key
) );
$user = $wpdb->get_var(
$wpdb->prepare(
"SELECT user_id
FROM $wpdb->usermeta
WHERE meta_key = 'um_user_public_key' AND
meta_value = %s
LIMIT 1",
$key
)
);
set_transient( md5( 'um_api_user_' . $key ) , $user, DAY_IN_SECONDS );
}
+17 -8
View File
@@ -218,9 +218,13 @@ function um_is_meta_value_exists( $key, $value, $return_user_id = false ) {
return UM()->profile()->arr_user_slugs['is_' . $return_user_id][$key];
}
if (!$return_user_id) {
$count = $wpdb->get_var( $wpdb->prepare(
"SELECT COUNT(*) as count FROM {$wpdb->usermeta} WHERE meta_key = %s AND meta_value = %s ",
if ( ! $return_user_id ) {
$count = $wpdb->get_var(
$wpdb->prepare(
"SELECT COUNT(*) AS count
FROM {$wpdb->usermeta}
WHERE meta_key = %s AND
meta_value = %s ",
$key,
$value
) );
@@ -230,11 +234,16 @@ function um_is_meta_value_exists( $key, $value, $return_user_id = false ) {
return $count;
}
$user_id = $wpdb->get_var( $wpdb->prepare(
"SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key = %s AND meta_value = %s ",
$key,
$value
) );
$user_id = $wpdb->get_var(
$wpdb->prepare(
"SELECT user_id
FROM {$wpdb->usermeta}
WHERE meta_key = %s AND
meta_value = %s",
$key,
$value
)
);
UM()->profile()->arr_user_slugs['is_' . $return_user_id][$key] = $user_id;
+1 -1
View File
@@ -4,7 +4,7 @@ Plugin URI: https://ultimatemember.com/
Contributors: ultimatemember, champsupertramp, nsinelnikov
Tags: community, member, membership, user-profile, user-registration
Requires PHP: 5.6
Requires at least: 5.5
Requires at least: 6.2
Tested up to: 6.7
Stable tag: 2.9.2
License: GPLv3
+1 -1
View File
@@ -8,7 +8,7 @@
* Author URI: http://ultimatemember.com/
* Text Domain: ultimate-member
* Domain Path: /languages
* Requires at least: 5.5
* Requires at least: 6.2
* Requires PHP: 5.6
*
* @package UM
+52 -58
View File
@@ -70,12 +70,13 @@ if ( ! empty( $delete_options ) ) {
global $wp_roles;
$role_keys = get_option( 'um_roles', array() );
if ( class_exists( '\WP_Roles' ) ) {
if ( ! isset( $wp_roles ) ) {
$wp_roles = new \WP_Roles();
}
$role_keys = get_option( 'um_roles', array() );
if ( $role_keys ) {
foreach ( $role_keys as $roleID ) {
$role_meta = get_option( "um_role_{$roleID}_meta" );
@@ -89,7 +90,6 @@ if ( ! empty( $delete_options ) ) {
}
//remove user role meta
$role_keys = get_option( 'um_roles', array() );
if ( $role_keys ) {
foreach ( $role_keys as $role_key ) {
delete_option( 'um_role_' . $role_key . '_meta' );
@@ -136,65 +136,59 @@ if ( ! empty( $delete_options ) ) {
$wpdb->query(
"DELETE
FROM {$wpdb->usermeta}
WHERE meta_key LIKE '_um%' OR
meta_key LIKE 'um%' OR
meta_key LIKE 'reviews%' OR
meta_key = 'submitted' OR
meta_key = 'account_status' OR
meta_key = 'password_rst_attempts' OR
meta_key = 'profile_photo' OR
meta_key = '_enable_new_follow' OR
meta_key = '_enable_new_friend' OR
meta_key = '_mylists' OR
meta_key = '_enable_new_pm' OR
meta_key = '_hidden_conversations' OR
meta_key = '_pm_blocked' OR
meta_key = '_notifications_prefs' OR
meta_key = '_profile_progress' OR
meta_key = '_completed' OR
meta_key = '_cannot_add_review' OR
meta_key = 'synced_profile_photo' OR
meta_key = 'full_name' OR
meta_key = '_reviews' OR
meta_key = '_reviews_compound' OR
meta_key = '_reviews_total' OR
meta_key = '_reviews_avg'"
FROM {$wpdb->usermeta}
WHERE meta_key LIKE '_um%' OR
meta_key LIKE 'um%' OR
meta_key LIKE 'reviews%' OR
meta_key = 'submitted' OR
meta_key = 'account_status' OR
meta_key = 'password_rst_attempts' OR
meta_key = 'profile_photo' OR
meta_key = '_enable_new_follow' OR
meta_key = '_enable_new_friend' OR
meta_key = '_mylists' OR
meta_key = '_enable_new_pm' OR
meta_key = '_hidden_conversations' OR
meta_key = '_pm_blocked' OR
meta_key = '_notifications_prefs' OR
meta_key = '_profile_progress' OR
meta_key = '_completed' OR
meta_key = '_cannot_add_review' OR
meta_key = 'synced_profile_photo' OR
meta_key = 'full_name' OR
meta_key = '_reviews' OR
meta_key = '_reviews_compound' OR
meta_key = '_reviews_total' OR
meta_key = '_reviews_avg'"
);
$wpdb->query(
"DELETE
FROM {$wpdb->postmeta}
WHERE meta_key LIKE '_um%' OR
meta_key LIKE 'um%'"
FROM {$wpdb->postmeta}
WHERE meta_key LIKE '_um%' OR
meta_key LIKE 'um%'"
);
//remove all tables from extensions
$all_tables = "SHOW TABLES LIKE '{$wpdb->prefix}um\_%'";
$results = $wpdb->get_results( $all_tables );
// Remove all tables from extensions
$results = $wpdb->get_results( "SHOW TABLES LIKE '{$wpdb->prefix}um\_%'" );
if ( $results ) {
foreach ( $results as $index => $value ) {
foreach ( $value as $table_name ) {
$um_groups_members = $wpdb->prefix . 'um_groups_members';
if ( $table_name === $um_groups_members ) {
$wpdb->query( "
DELETE posts, term_rel, pmeta, terms, tax, commetns
FROM {$wpdb->posts} posts
LEFT JOIN {$wpdb->term_relationships} term_rel
ON (posts.ID = term_rel.object_id)
LEFT JOIN {$wpdb->postmeta} pmeta
ON (posts.ID = pmeta.post_id)
LEFT JOIN {$wpdb->terms} terms
ON (term_rel.term_taxonomy_id = terms.term_id)
LEFT JOIN {$wpdb->term_taxonomy} tax
ON (term_rel.term_taxonomy_id = tax.term_taxonomy_id)
LEFT JOIN {$wpdb->comments} commetns
ON (commetns.comment_post_ID = posts.ID)
WHERE posts.post_type = 'um_groups' OR posts.post_type = 'um_groups_discussion'"
$wpdb->query(
"DELETE posts, term_rel, pmeta, terms, tax, commetns
FROM {$wpdb->posts} posts
LEFT JOIN {$wpdb->term_relationships} term_rel ON (posts.ID = term_rel.object_id)
LEFT JOIN {$wpdb->postmeta} pmeta ON (posts.ID = pmeta.post_id)
LEFT JOIN {$wpdb->terms} terms ON (term_rel.term_taxonomy_id = terms.term_id)
LEFT JOIN {$wpdb->term_taxonomy} tax ON (term_rel.term_taxonomy_id = tax.term_taxonomy_id)
LEFT JOIN {$wpdb->comments} commetns ON (commetns.comment_post_ID = posts.ID)
WHERE posts.post_type = 'um_groups' OR
posts.post_type = 'um_groups_discussion'"
);
}
// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- $table_name is static variable
$wpdb->query( "DROP TABLE IF EXISTS $table_name" );
$wpdb->query( $wpdb->prepare( "DROP TABLE IF EXISTS %i", $table_name ) );
}
}
}
@@ -240,13 +234,12 @@ if ( ! empty( $delete_options ) ) {
}
}
//user tags
$wpdb->query( "
DELETE tax, terms
FROM {$wpdb->term_taxonomy} tax
LEFT JOIN {$wpdb->terms} terms
ON (tax.term_taxonomy_id = terms.term_id)
WHERE tax.taxonomy = 'um_user_tag'"
// User tags
$wpdb->query(
"DELETE tax, terms
FROM {$wpdb->term_taxonomy} tax
LEFT JOIN {$wpdb->terms} terms ON (tax.term_taxonomy_id = terms.term_id)
WHERE tax.taxonomy = 'um_user_tag'"
);
//mailchimp
@@ -259,9 +252,10 @@ if ( ! empty( $delete_options ) ) {
"SELECT option_name
FROM {$wpdb->options}
WHERE option_name LIKE '_um%' OR
option_name LIKE 'um_%' OR
option_name LIKE 'widget_um%' OR
option_name LIKE 'ultimatemember_%'" );
option_name LIKE 'um_%' OR
option_name LIKE 'widget_um%' OR
option_name LIKE 'ultimatemember_%'"
);
foreach ( $um_options as $um_option ) {
delete_option( $um_option->option_name );