mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 10:46:11 +09:00
Update dynamic function blacklist for security enhancement
Added a mechanism to dynamically retrieve and merge updated WordPress function lists into the blacklist to prevent unsafe usage in dropdown options. Addresses a security issue (CVE-2025-47691) by using a JSON-based function source tied to WordPress versioning.
This commit is contained in:
@@ -32,6 +32,7 @@ define( 'UM_PATH', plugin_dir_path( __FILE__ ) );
|
||||
define( 'UM_PLUGIN', plugin_basename( __FILE__ ) );
|
||||
define( 'UM_VERSION', $plugin_data['Version'] );
|
||||
define( 'UM_PLUGIN_NAME', $plugin_data['Name'] );
|
||||
define( 'UM_WP_FUNCTIONS_VERSION', '6.8.0' ); // Updates every major WordPress release.
|
||||
// define( 'UM_DEV_MODE', true );
|
||||
|
||||
require_once 'includes/class-functions.php';
|
||||
|
||||
Reference in New Issue
Block a user