mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 18:56:10 +09:00
Update to version 2.10.1 with critical security fixes
This release addresses a security vulnerability (CVE-2025-1702) and includes several bugfixes, such as honeypot script handling and activation link behavior. Users must flush cached assets (JS/CSS) after upgrading to ensure proper functionality. Upgrade immediately for improved security and stability.
This commit is contained in:
@@ -15,7 +15,7 @@
|
|||||||
"step": "installPlugin",
|
"step": "installPlugin",
|
||||||
"pluginZipFile": {
|
"pluginZipFile": {
|
||||||
"resource": "url",
|
"resource": "url",
|
||||||
"url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.0.zip"
|
"url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.1.zip"
|
||||||
},
|
},
|
||||||
"options": {
|
"options": {
|
||||||
"activate": true
|
"activate": true
|
||||||
|
|||||||
@@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version
|
|||||||
|
|
||||||
### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
||||||
|
|
||||||
[Official Release Version: 2.10.0](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.0).
|
[Official Release Version: 2.10.1](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.1).
|
||||||
|
|
||||||
## Changelog
|
## Changelog
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,15 @@
|
|||||||
== Changelog ==
|
== Changelog ==
|
||||||
|
|
||||||
|
= 2.10.1 March 03, 2025 =
|
||||||
|
|
||||||
|
* Bugfixes:
|
||||||
|
|
||||||
|
- Fixed: Security issue CVE ID: CVE-2025-1702.
|
||||||
|
- Fixed: Activation link redirects to Reset Password after registration without password field and required email activation.
|
||||||
|
- Fixed: Honeypot scripts/styles for themes without pre-rendered shortcodes. Enqueue honeypot scripts/styles everytime.
|
||||||
|
|
||||||
|
* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade *
|
||||||
|
|
||||||
= 2.10.0 February 18, 2025 =
|
= 2.10.0 February 18, 2025 =
|
||||||
|
|
||||||
* Enhancements:
|
* Enhancements:
|
||||||
|
|||||||
+14
-1
@@ -6,7 +6,7 @@ Tags: community, member, membership, user-profile, user-registration
|
|||||||
Requires PHP: 7.0
|
Requires PHP: 7.0
|
||||||
Requires at least: 6.2
|
Requires at least: 6.2
|
||||||
Tested up to: 6.7
|
Tested up to: 6.7
|
||||||
Stable tag: 2.10.0
|
Stable tag: 2.10.1
|
||||||
License: GPLv3
|
License: GPLv3
|
||||||
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
|
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
|
||||||
|
|
||||||
@@ -167,6 +167,16 @@ No specific extensions are needed. But we highly recommended keep active these P
|
|||||||
|
|
||||||
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
||||||
|
|
||||||
|
= 2.10.1 2025-03-03 =
|
||||||
|
|
||||||
|
**Bugfixes**
|
||||||
|
|
||||||
|
* Fixed: Security issue CVE ID: CVE-2025-1702.
|
||||||
|
* Fixed: Activation link redirects to Reset Password after registration without password field and required email activation.
|
||||||
|
* Fixed: Honeypot scripts/styles for themes without pre-rendered shortcodes. Enqueue honeypot scripts/styles everytime.
|
||||||
|
|
||||||
|
**Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade**
|
||||||
|
|
||||||
= 2.10.0 2025-02-18 =
|
= 2.10.0 2025-02-18 =
|
||||||
|
|
||||||
**Enhancements**
|
**Enhancements**
|
||||||
@@ -267,6 +277,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
|
|||||||
|
|
||||||
== Upgrade Notice ==
|
== Upgrade Notice ==
|
||||||
|
|
||||||
|
= 2.10.1 =
|
||||||
|
This version fixes a security related bug. Upgrade immediately.
|
||||||
|
|
||||||
= 2.10.0 =
|
= 2.10.0 =
|
||||||
Increased the minimum PHP and WordPress requirements. The plugin now requires at least PHP 7.0 and WordPress 6.2. This version fixes a security related bug. Upgrade immediately.
|
Increased the minimum PHP and WordPress requirements. The plugin now requires at least PHP 7.0 and WordPress 6.2. This version fixes a security related bug. Upgrade immediately.
|
||||||
|
|
||||||
|
|||||||
+1
-1
@@ -3,7 +3,7 @@
|
|||||||
* Plugin Name: Ultimate Member
|
* Plugin Name: Ultimate Member
|
||||||
* Plugin URI: http://ultimatemember.com/
|
* Plugin URI: http://ultimatemember.com/
|
||||||
* Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
|
* Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
|
||||||
* Version: 2.10.0
|
* Version: 2.10.1
|
||||||
* Author: Ultimate Member
|
* Author: Ultimate Member
|
||||||
* Author URI: http://ultimatemember.com/
|
* Author URI: http://ultimatemember.com/
|
||||||
* Text Domain: ultimate-member
|
* Text Domain: ultimate-member
|
||||||
|
|||||||
Reference in New Issue
Block a user