Update to version 2.10.1 with critical security fixes

This release addresses a security vulnerability (CVE-2025-1702) and includes several bugfixes, such as honeypot script handling and activation link behavior. Users must flush cached assets (JS/CSS) after upgrading to ensure proper functionality. Upgrade immediately for improved security and stability.
This commit is contained in:
Mykyta Synelnikov
2025-02-28 14:31:58 +02:00
parent 2f18dccd09
commit bb4117eea4
5 changed files with 27 additions and 4 deletions
+1 -1
View File
@@ -15,7 +15,7 @@
"step": "installPlugin", "step": "installPlugin",
"pluginZipFile": { "pluginZipFile": {
"resource": "url", "resource": "url",
"url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.0.zip" "url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.1.zip"
}, },
"options": { "options": {
"activate": true "activate": true
+1 -1
View File
@@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version
### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION ### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
[Official Release Version: 2.10.0](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.0). [Official Release Version: 2.10.1](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.1).
## Changelog ## Changelog
+10
View File
@@ -1,5 +1,15 @@
== Changelog == == Changelog ==
= 2.10.1 March 03, 2025 =
* Bugfixes:
- Fixed: Security issue CVE ID: CVE-2025-1702.
- Fixed: Activation link redirects to Reset Password after registration without password field and required email activation.
- Fixed: Honeypot scripts/styles for themes without pre-rendered shortcodes. Enqueue honeypot scripts/styles everytime.
* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade *
= 2.10.0 February 18, 2025 = = 2.10.0 February 18, 2025 =
* Enhancements: * Enhancements:
+14 -1
View File
@@ -6,7 +6,7 @@ Tags: community, member, membership, user-profile, user-registration
Requires PHP: 7.0 Requires PHP: 7.0
Requires at least: 6.2 Requires at least: 6.2
Tested up to: 6.7 Tested up to: 6.7
Stable tag: 2.10.0 Stable tag: 2.10.1
License: GPLv3 License: GPLv3
License URI: http://www.gnu.org/licenses/gpl-3.0.txt License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -167,6 +167,16 @@ No specific extensions are needed. But we highly recommended keep active these P
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
= 2.10.1 2025-03-03 =
**Bugfixes**
* Fixed: Security issue CVE ID: CVE-2025-1702.
* Fixed: Activation link redirects to Reset Password after registration without password field and required email activation.
* Fixed: Honeypot scripts/styles for themes without pre-rendered shortcodes. Enqueue honeypot scripts/styles everytime.
**Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade**
= 2.10.0 2025-02-18 = = 2.10.0 2025-02-18 =
**Enhancements** **Enhancements**
@@ -267,6 +277,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
== Upgrade Notice == == Upgrade Notice ==
= 2.10.1 =
This version fixes a security related bug. Upgrade immediately.
= 2.10.0 = = 2.10.0 =
Increased the minimum PHP and WordPress requirements. The plugin now requires at least PHP 7.0 and WordPress 6.2. This version fixes a security related bug. Upgrade immediately. Increased the minimum PHP and WordPress requirements. The plugin now requires at least PHP 7.0 and WordPress 6.2. This version fixes a security related bug. Upgrade immediately.
+1 -1
View File
@@ -3,7 +3,7 @@
* Plugin Name: Ultimate Member * Plugin Name: Ultimate Member
* Plugin URI: http://ultimatemember.com/ * Plugin URI: http://ultimatemember.com/
* Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress * Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
* Version: 2.10.0 * Version: 2.10.1
* Author: Ultimate Member * Author: Ultimate Member
* Author URI: http://ultimatemember.com/ * Author URI: http://ultimatemember.com/
* Text Domain: ultimate-member * Text Domain: ultimate-member