diff --git a/changelog.txt b/changelog.txt index e372666a..b28b26ca 100644 --- a/changelog.txt +++ b/changelog.txt @@ -2,7 +2,9 @@ = 2.11.1 December xx, 2025 = +* Bugfixes: + - Fixed: CVE-2025-13220. = 2.11.0 December 02, 2025 = diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php index 4b73767d..cfff4958 100644 --- a/includes/core/class-shortcodes.php +++ b/includes/core/class-shortcodes.php @@ -527,10 +527,10 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { * * @return string */ - function ultimatemember_login( $args = array() ) { + public function ultimatemember_login( $args = array() ) { global $wpdb; - $args = ! empty( $args ) ? $args : array(); + $args = shortcode_atts( array(), $args, 'ultimatemember_login' ); $default_login = $wpdb->get_var( "SELECT pm.post_id @@ -547,23 +547,18 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $shortcode_attrs .= " {$key}=\"{$value}\""; } - if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) { - return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" ); - } else { - return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); - } + return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); } - /** * @param array $args * * @return string */ - function ultimatemember_register( $args = array() ) { + public function ultimatemember_register( $args = array() ) { global $wpdb; - $args = ! empty( $args ) ? $args : array(); + $args = shortcode_atts( array(), $args, 'ultimatemember_register' ); $default_register = $wpdb->get_var( "SELECT pm.post_id @@ -580,23 +575,18 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $shortcode_attrs .= " {$key}=\"{$value}\""; } - if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) { - return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" ); - } else { - return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); - } + return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); } - /** * @param array $args * * @return string */ - function ultimatemember_profile( $args = array() ) { + public function ultimatemember_profile( $args = array() ) { global $wpdb; - $args = ! empty( $args ) ? $args : array(); + $args = shortcode_atts( array(), $args, 'ultimatemember_profile' ); $default_profile = $wpdb->get_var( "SELECT pm.post_id @@ -614,23 +604,18 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $shortcode_attrs .= " {$key}=\"{$value}\""; } - if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) { - return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" ); - } else { - return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); - } + return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); } - /** * @param array $args * * @return string */ - function ultimatemember_directory( $args = array() ) { + public function ultimatemember_directory( $args = array() ) { global $wpdb; - $args = ! empty( $args ) ? $args : array(); + $args = shortcode_atts( array(), $args, 'ultimatemember_directory' ); $default_directory = $wpdb->get_var( "SELECT pm.post_id @@ -648,11 +633,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $shortcode_attrs .= " {$key}=\"{$value}\""; } - if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) { - return do_shortcode( "[ultimatemember {$shortcode_attrs} /]" ); - } else { - return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); - } + return apply_shortcodes( "[ultimatemember {$shortcode_attrs} /]" ); } /** diff --git a/readme.txt b/readme.txt index b00c2e6a..636cd1fa 100644 --- a/readme.txt +++ b/readme.txt @@ -169,7 +169,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI = 2.11.1 2025-12-xx = +**Bugfixes** +* Fixed: CVE-2025-13220. = 2.11.0 2025-12-02 = @@ -336,6 +338,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI == Upgrade Notice == += 2.11.1 = +This version fixes a security related bug. Upgrade immediately. + = 2.10.4 = This version fixes a security related bug. Upgrade immediately.