Fix security vulnerability CVE-2025-13220 in Ultimate Member.

Addressed CVE-2025-13220 by implementing necessary fixes in the plugin's shortcodes and updating sanitization for shortcode attributes. Removed redundant compatibility checks for WordPress versions earlier than 5.4 and improved stability in the shortcode handling logic.
This commit is contained in:
Mykyta Synelnikov
2025-12-05 17:41:51 +02:00
parent b75a2145dd
commit e9abab925f
3 changed files with 19 additions and 31 deletions
+5
View File
@@ -169,7 +169,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
= 2.11.1 2025-12-xx =
**Bugfixes**
* Fixed: CVE-2025-13220.
= 2.11.0 2025-12-02 =
@@ -336,6 +338,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
== Upgrade Notice ==
= 2.11.1 =
This version fixes a security related bug. Upgrade immediately.
= 2.10.4 =
This version fixes a security related bug. Upgrade immediately.