mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 18:56:10 +09:00
Update Ultimate Member plugin to version 2.10.2
This release addresses a critical security vulnerability (CVE-2025-1702) by improving query handling with `$wpdb->prepare()`. It also introduces new filesystem utility methods (`maybe_init_wp_filesystem`, `remove_dir`) and updates documentation accordingly. Users are strongly advised to update immediately.
This commit is contained in:
@@ -15,7 +15,7 @@
|
|||||||
"step": "installPlugin",
|
"step": "installPlugin",
|
||||||
"pluginZipFile": {
|
"pluginZipFile": {
|
||||||
"resource": "url",
|
"resource": "url",
|
||||||
"url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.1.zip"
|
"url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.10.2.zip"
|
||||||
},
|
},
|
||||||
"options": {
|
"options": {
|
||||||
"activate": true
|
"activate": true
|
||||||
|
|||||||
@@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version
|
|||||||
|
|
||||||
### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
||||||
|
|
||||||
[Official Release Version: 2.10.1](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.1).
|
[Official Release Version: 2.10.2](https://github.com/ultimatemember/ultimatemember/releases/tag/2.10.2).
|
||||||
|
|
||||||
## Changelog
|
## Changelog
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,16 @@
|
|||||||
== Changelog ==
|
== Changelog ==
|
||||||
|
|
||||||
|
= 2.10.2 April 02, 2025 =
|
||||||
|
|
||||||
|
* Enhancements:
|
||||||
|
|
||||||
|
- Added: `UM()->common()-filesystem()::maybe_init_wp_filesystem();` method.
|
||||||
|
- Added: `UM()->common()-filesystem()::remove_dir();` method.
|
||||||
|
|
||||||
|
* Bugfixes:
|
||||||
|
|
||||||
|
- Fixed: Security issue CVE ID: CVE-2025-1702. Reviewed general search scripts and suggested another solution that uses only `$wpdb->prepare()`.
|
||||||
|
|
||||||
= 2.10.1 March 03, 2025 =
|
= 2.10.1 March 03, 2025 =
|
||||||
|
|
||||||
* Bugfixes:
|
* Bugfixes:
|
||||||
|
|||||||
+15
-1
@@ -6,7 +6,7 @@ Tags: community, member, membership, user-profile, user-registration
|
|||||||
Requires PHP: 7.0
|
Requires PHP: 7.0
|
||||||
Requires at least: 6.2
|
Requires at least: 6.2
|
||||||
Tested up to: 6.7
|
Tested up to: 6.7
|
||||||
Stable tag: 2.10.1
|
Stable tag: 2.10.2
|
||||||
License: GPLv3
|
License: GPLv3
|
||||||
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
|
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
|
||||||
|
|
||||||
@@ -167,6 +167,17 @@ No specific extensions are needed. But we highly recommended keep active these P
|
|||||||
|
|
||||||
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
||||||
|
|
||||||
|
= 2.10.2 2025-04-02 =
|
||||||
|
|
||||||
|
**Enhancements**
|
||||||
|
|
||||||
|
* Added: `UM()->common()-filesystem()::maybe_init_wp_filesystem();` method.
|
||||||
|
* Added: `UM()->common()-filesystem()::remove_dir();` method.
|
||||||
|
|
||||||
|
**Bugfixes**
|
||||||
|
|
||||||
|
* Fixed: Security issue CVE ID: CVE-2025-1702. Reviewed general search scripts and suggested another solution that uses only `$wpdb->prepare()`.
|
||||||
|
|
||||||
= 2.10.1 2025-03-03 =
|
= 2.10.1 2025-03-03 =
|
||||||
|
|
||||||
**Bugfixes**
|
**Bugfixes**
|
||||||
@@ -278,6 +289,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
|
|||||||
|
|
||||||
== Upgrade Notice ==
|
== Upgrade Notice ==
|
||||||
|
|
||||||
|
= 2.10.2 =
|
||||||
|
This version fixes a security related bug. Upgrade immediately.
|
||||||
|
|
||||||
= 2.10.1 =
|
= 2.10.1 =
|
||||||
This version fixes a security related bug. Upgrade immediately.
|
This version fixes a security related bug. Upgrade immediately.
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user