From 74647d42cc8d63f5d4f687efcd0792c246c23039 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Fri, 28 Feb 2025 12:13:15 +0200 Subject: [PATCH] Fix improper namespace usage and enhance regex validation due to CVE ID: CVE-2025-1702 Replaced \WP_User_Query with correctly imported WP_User_Query to ensure proper namespace handling. Added a new regex pattern to block sleep injections, enhancing security within the member directory query validation. --- includes/core/class-member-directory.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/includes/core/class-member-directory.php b/includes/core/class-member-directory.php index 70ae0c0d..46cbf63a 100644 --- a/includes/core/class-member-directory.php +++ b/includes/core/class-member-directory.php @@ -1,6 +1,8 @@ query_args ); + $user_query = new WP_User_Query( $this->query_args ); remove_filter( 'pre_user_query', array( &$this, 'pagination_changes' ), 10 );