diff --git a/readme.txt b/readme.txt index 574efbad..3fb1af4f 100644 --- a/readme.txt +++ b/readme.txt @@ -169,9 +169,19 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI = 2.11.2 2026-02-09 = +**Enhancements** + +* Added: Server side validation when Searching Form is submitted. + **Bugfixes** -* Fixed: Security issue CVE ID: CVE-2025-15064. Deprecated ability to use HTML inside the user description. +* Fixed: Security issue CVE ID: CVE-2025-15064. Deprecated ability to use HTML inside the user description. It's still allowed to use only predefined 'user_description' tags in `wp_kses()`. +* Fixed: Security issue CVE ID: CVE-2026-1404. Changed template items formatting to avoid using HTML symbols in the filter values. + +* Templates required update: + +* members.php +* searchform.php = 2.11.1 2025-12-16 = diff --git a/templates/members.php b/templates/members.php index 109ef27f..ffa4e0a3 100644 --- a/templates/members.php +++ b/templates/members.php @@ -6,7 +6,7 @@ * * Page: "Members" * - * @version 2.11.1 + * @version 2.11.2 * * @var array $args */ @@ -343,13 +343,13 @@ $postid = ! empty( $post->ID ) ? $post->ID : ''; <# _.each( data.filters, function( filter, key, list ) { #>
<# if ( filter.type == 'slider' ) { #> - {{{filter.value_label}}} + {{filter.value_label}} <# } else { #> - {{{filter.label}}}: {{{filter.value_label}}} + {{filter.label}}: {{filter.value_label}} <# } #> -
×
+
×
<# }); #> <# } #>