mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-16 21:23:39 +09:00
Merge pull request #1769 from ultimatemember/fix/CVE-2025-13220
Fix security vulnerability CVE-2025-13220 in Ultimate Member.
This commit is contained in:
+5
-2
@@ -2,8 +2,11 @@
|
||||
|
||||
= 2.11.1 December xx, 2025 =
|
||||
|
||||
Fixed: CVE-2025-13217.
|
||||
Fixed: CVE-2025-14081.
|
||||
* Bugfixes:
|
||||
|
||||
- Fixed: CVE-2025-13220.
|
||||
- Fixed: CVE-2025-13217.
|
||||
- Fixed: CVE-2025-14081.
|
||||
|
||||
= 2.11.0 December 02, 2025 =
|
||||
|
||||
|
||||
@@ -527,10 +527,10 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function ultimatemember_login( $args = array() ) {
|
||||
public function ultimatemember_login( $args = array() ) {
|
||||
global $wpdb;
|
||||
|
||||
$args = ! empty( $args ) ? $args : array();
|
||||
$args = shortcode_atts( array(), $args, 'ultimatemember_login' );
|
||||
|
||||
$default_login = $wpdb->get_var(
|
||||
"SELECT pm.post_id
|
||||
@@ -547,23 +547,18 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
$shortcode_attrs .= " {$key}=\"{$value}\"";
|
||||
}
|
||||
|
||||
if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) {
|
||||
return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
} else {
|
||||
return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
}
|
||||
return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param array $args
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function ultimatemember_register( $args = array() ) {
|
||||
public function ultimatemember_register( $args = array() ) {
|
||||
global $wpdb;
|
||||
|
||||
$args = ! empty( $args ) ? $args : array();
|
||||
$args = shortcode_atts( array(), $args, 'ultimatemember_register' );
|
||||
|
||||
$default_register = $wpdb->get_var(
|
||||
"SELECT pm.post_id
|
||||
@@ -580,23 +575,18 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
$shortcode_attrs .= " {$key}=\"{$value}\"";
|
||||
}
|
||||
|
||||
if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) {
|
||||
return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
} else {
|
||||
return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
}
|
||||
return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param array $args
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function ultimatemember_profile( $args = array() ) {
|
||||
public function ultimatemember_profile( $args = array() ) {
|
||||
global $wpdb;
|
||||
|
||||
$args = ! empty( $args ) ? $args : array();
|
||||
$args = shortcode_atts( array(), $args, 'ultimatemember_profile' );
|
||||
|
||||
$default_profile = $wpdb->get_var(
|
||||
"SELECT pm.post_id
|
||||
@@ -614,23 +604,18 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
$shortcode_attrs .= " {$key}=\"{$value}\"";
|
||||
}
|
||||
|
||||
if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) {
|
||||
return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
} else {
|
||||
return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
}
|
||||
return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param array $args
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function ultimatemember_directory( $args = array() ) {
|
||||
public function ultimatemember_directory( $args = array() ) {
|
||||
global $wpdb;
|
||||
|
||||
$args = ! empty( $args ) ? $args : array();
|
||||
$args = shortcode_atts( array(), $args, 'ultimatemember_directory' );
|
||||
|
||||
$default_directory = $wpdb->get_var(
|
||||
"SELECT pm.post_id
|
||||
@@ -648,11 +633,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
$shortcode_attrs .= " {$key}=\"{$value}\"";
|
||||
}
|
||||
|
||||
if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) {
|
||||
return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
} else {
|
||||
return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
}
|
||||
return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -171,6 +171,7 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
|
||||
|
||||
**Bugfixes**
|
||||
|
||||
* Fixed: CVE-2025-13220.
|
||||
* Fixed: CVE-2025-13217.
|
||||
* Fixed: CVE-2025-14081.
|
||||
* Fixed: CVE-2025-12492.
|
||||
@@ -340,6 +341,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
|
||||
|
||||
== Upgrade Notice ==
|
||||
|
||||
= 2.11.1 =
|
||||
This version fixes a security related bug. Upgrade immediately.
|
||||
|
||||
= 2.10.4 =
|
||||
This version fixes a security related bug. Upgrade immediately.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user