Update Ultimate Member plugin to version 2.10.2

This release addresses a critical security vulnerability (CVE-2025-1702) by improving query handling with `$wpdb->prepare()`. It also introduces new filesystem utility methods (`maybe_init_wp_filesystem`, `remove_dir`) and updates documentation accordingly. Users are strongly advised to update immediately.
This commit is contained in:
Mykyta Synelnikov
2025-04-02 01:38:16 +03:00
parent 1ff60c2c3a
commit f346020d31
4 changed files with 28 additions and 3 deletions
+1 -1
View File
@@ -15,7 +15,7 @@
"step": "installPlugin", "step": "installPlugin",
"pluginZipFile": { "pluginZipFile": {
"resource": "url", "resource": "url",
"url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.1.zip" "url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.2.zip"
}, },
"options": { "options": {
"activate": true "activate": true
+1 -1
View File
@@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version
### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION ### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
[Official Release Version: 2.10.1](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.1). [Official Release Version: 2.10.2](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.2).
## Changelog ## Changelog
+11
View File
@@ -1,5 +1,16 @@
== Changelog == == Changelog ==
= 2.10.2 April 02, 2025 =
* Enhancements:
- Added: `UM()->common()-filesystem()::maybe_init_wp_filesystem();` method.
- Added: `UM()->common()-filesystem()::remove_dir();` method.
* Bugfixes:
- Fixed: Security issue CVE ID: CVE-2025-1702. Reviewed general search scripts and suggested another solution that uses only `$wpdb->prepare()`.
= 2.10.1 March 03, 2025 = = 2.10.1 March 03, 2025 =
* Bugfixes: * Bugfixes:
+15 -1
View File
@@ -6,7 +6,7 @@ Tags: community, member, membership, user-profile, user-registration
Requires PHP: 7.0 Requires PHP: 7.0
Requires at least: 6.2 Requires at least: 6.2
Tested up to: 6.7 Tested up to: 6.7
Stable tag: 2.10.1 Stable tag: 2.10.2
License: GPLv3 License: GPLv3
License URI: http://www.gnu.org/licenses/gpl-3.0.txt License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -167,6 +167,17 @@ No specific extensions are needed. But we highly recommended keep active these P
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
= 2.10.2 2025-04-02 =
**Enhancements**
* Added: `UM()->common()-filesystem()::maybe_init_wp_filesystem();` method.
* Added: `UM()->common()-filesystem()::remove_dir();` method.
**Bugfixes**
* Fixed: Security issue CVE ID: CVE-2025-1702. Reviewed general search scripts and suggested another solution that uses only `$wpdb->prepare()`.
= 2.10.1 2025-03-03 = = 2.10.1 2025-03-03 =
**Bugfixes** **Bugfixes**
@@ -278,6 +289,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
== Upgrade Notice == == Upgrade Notice ==
= 2.10.2 =
This version fixes a security related bug. Upgrade immediately.
= 2.10.1 = = 2.10.1 =
This version fixes a security related bug. Upgrade immediately. This version fixes a security related bug. Upgrade immediately.