mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 10:46:11 +09:00
Update Ultimate Member plugin to version 2.10.2
This release addresses a critical security vulnerability (CVE-2025-1702) by improving query handling with `$wpdb->prepare()`. It also introduces new filesystem utility methods (`maybe_init_wp_filesystem`, `remove_dir`) and updates documentation accordingly. Users are strongly advised to update immediately.
This commit is contained in:
+15
-1
@@ -6,7 +6,7 @@ Tags: community, member, membership, user-profile, user-registration
|
||||
Requires PHP: 7.0
|
||||
Requires at least: 6.2
|
||||
Tested up to: 6.7
|
||||
Stable tag: 2.10.1
|
||||
Stable tag: 2.10.2
|
||||
License: GPLv3
|
||||
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
|
||||
|
||||
@@ -167,6 +167,17 @@ No specific extensions are needed. But we highly recommended keep active these P
|
||||
|
||||
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
||||
|
||||
= 2.10.2 2025-04-02 =
|
||||
|
||||
**Enhancements**
|
||||
|
||||
* Added: `UM()->common()-filesystem()::maybe_init_wp_filesystem();` method.
|
||||
* Added: `UM()->common()-filesystem()::remove_dir();` method.
|
||||
|
||||
**Bugfixes**
|
||||
|
||||
* Fixed: Security issue CVE ID: CVE-2025-1702. Reviewed general search scripts and suggested another solution that uses only `$wpdb->prepare()`.
|
||||
|
||||
= 2.10.1 2025-03-03 =
|
||||
|
||||
**Bugfixes**
|
||||
@@ -278,6 +289,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
|
||||
|
||||
== Upgrade Notice ==
|
||||
|
||||
= 2.10.2 =
|
||||
This version fixes a security related bug. Upgrade immediately.
|
||||
|
||||
= 2.10.1 =
|
||||
This version fixes a security related bug. Upgrade immediately.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user