mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 10:46:11 +09:00
Update Ultimate Member plugin to version 2.10.2
This release addresses a critical security vulnerability (CVE-2025-1702) by improving query handling with `$wpdb->prepare()`. It also introduces new filesystem utility methods (`maybe_init_wp_filesystem`, `remove_dir`) and updates documentation accordingly. Users are strongly advised to update immediately.
This commit is contained in:
@@ -15,7 +15,7 @@
|
||||
"step": "installPlugin",
|
||||
"pluginZipFile": {
|
||||
"resource": "url",
|
||||
"url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.1.zip"
|
||||
"url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.2.zip"
|
||||
},
|
||||
"options": {
|
||||
"activate": true
|
||||
|
||||
@@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version
|
||||
|
||||
### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
||||
|
||||
[Official Release Version: 2.10.1](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.1).
|
||||
[Official Release Version: 2.10.2](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.2).
|
||||
|
||||
## Changelog
|
||||
|
||||
|
||||
@@ -1,5 +1,16 @@
|
||||
== Changelog ==
|
||||
|
||||
= 2.10.2 April 02, 2025 =
|
||||
|
||||
* Enhancements:
|
||||
|
||||
- Added: `UM()->common()-filesystem()::maybe_init_wp_filesystem();` method.
|
||||
- Added: `UM()->common()-filesystem()::remove_dir();` method.
|
||||
|
||||
* Bugfixes:
|
||||
|
||||
- Fixed: Security issue CVE ID: CVE-2025-1702. Reviewed general search scripts and suggested another solution that uses only `$wpdb->prepare()`.
|
||||
|
||||
= 2.10.1 March 03, 2025 =
|
||||
|
||||
* Bugfixes:
|
||||
|
||||
+15
-1
@@ -6,7 +6,7 @@ Tags: community, member, membership, user-profile, user-registration
|
||||
Requires PHP: 7.0
|
||||
Requires at least: 6.2
|
||||
Tested up to: 6.7
|
||||
Stable tag: 2.10.1
|
||||
Stable tag: 2.10.2
|
||||
License: GPLv3
|
||||
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
|
||||
|
||||
@@ -167,6 +167,17 @@ No specific extensions are needed. But we highly recommended keep active these P
|
||||
|
||||
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
||||
|
||||
= 2.10.2 2025-04-02 =
|
||||
|
||||
**Enhancements**
|
||||
|
||||
* Added: `UM()->common()-filesystem()::maybe_init_wp_filesystem();` method.
|
||||
* Added: `UM()->common()-filesystem()::remove_dir();` method.
|
||||
|
||||
**Bugfixes**
|
||||
|
||||
* Fixed: Security issue CVE ID: CVE-2025-1702. Reviewed general search scripts and suggested another solution that uses only `$wpdb->prepare()`.
|
||||
|
||||
= 2.10.1 2025-03-03 =
|
||||
|
||||
**Bugfixes**
|
||||
@@ -278,6 +289,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
|
||||
|
||||
== Upgrade Notice ==
|
||||
|
||||
= 2.10.2 =
|
||||
This version fixes a security related bug. Upgrade immediately.
|
||||
|
||||
= 2.10.1 =
|
||||
This version fixes a security related bug. Upgrade immediately.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user