Update Ultimate Member plugin to version 2.10.2

This release addresses a critical security vulnerability (CVE-2025-1702) by improving query handling with `$wpdb->prepare()`. It also introduces new filesystem utility methods (`maybe_init_wp_filesystem`, `remove_dir`) and updates documentation accordingly. Users are strongly advised to update immediately.
This commit is contained in:
Mykyta Synelnikov
2025-04-02 01:38:16 +03:00
parent 1ff60c2c3a
commit f346020d31
4 changed files with 28 additions and 3 deletions
+15 -1
View File
@@ -6,7 +6,7 @@ Tags: community, member, membership, user-profile, user-registration
Requires PHP: 7.0
Requires at least: 6.2
Tested up to: 6.7
Stable tag: 2.10.1
Stable tag: 2.10.2
License: GPLv3
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -167,6 +167,17 @@ No specific extensions are needed. But we highly recommended keep active these P
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
= 2.10.2 2025-04-02 =
**Enhancements**
* Added: `UM()->common()-filesystem()::maybe_init_wp_filesystem();` method.
* Added: `UM()->common()-filesystem()::remove_dir();` method.
**Bugfixes**
* Fixed: Security issue CVE ID: CVE-2025-1702. Reviewed general search scripts and suggested another solution that uses only `$wpdb->prepare()`.
= 2.10.1 2025-03-03 =
**Bugfixes**
@@ -278,6 +289,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
== Upgrade Notice ==
= 2.10.2 =
This version fixes a security related bug. Upgrade immediately.
= 2.10.1 =
This version fixes a security related bug. Upgrade immediately.