Ultimate Member + Extensions Bundle 2.10.3 NULLED

2.10.3 2025-04-24​

Enhancements

• Added: The Ignore the "User Role > Registration Options" setting. It provides an ability to auto-approve users if they were created via wp-admin > Users screen.
• Tweak: Avoid email notifications to Administrator about user registration via wp-admin > Users screen.
• Tweak: Updated the Action Scheduler implementation to improve flexibility and clarity. Refactor Action Scheduler for not only email handling.

Bugfixes

• Fixed: Member Directory styles when it’s rendered on the Gutenberg builder page.
• Fixed: Member Directory filtering query when the custom users metatable is used.
• Fixed: PHP Warning that occurs when using the getimagesize function with an image from an external source.
• Fixed: Reset Password email notification’s the {password_reset_link}` placeholder.
• Fixed: Changed “Turkey” to the current official term “Türkiye”.

Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

2.10.2 2025-04-02​

Enhancements

• Added: UM()->common()-filesystem()::maybe_init_wp_filesystem(); method.
• Added: UM()->common()-filesystem()::remove_dir(); method.

Bugfixes

• Fixed: Security issue CVE ID: CVE-2025-1702. Reviewed general search scripts and suggested another solution that uses only $wpdb->prepare().

= 2.10.0 February 18, 2025 =

* Enhancements:

- Added: User Profile `form-id` attribute and updated code for Profile/Cover photos actions dropdowns.
- Added: Honeypot scripts/styles via `wp_add_inline_script()`, `wp_add_inline_style()` changed from direct adding in header and footer.
- Updated: We've made improvements to requests for extension updates to boost stability.
- Updated: PHP requirement - the minimum PHP version is now upgraded to 7.0.
- Updated: Using $wpdb and WPCS for queries. Set minimum required version to 6.2 due to using %i for `$wpdb->prepare()`.
- Updated: Revised wp-admin user actions handling. Now, the required capability is `edit_users` instead of `manage_options`.
- Removed: User Profile hidden inputs on view mode.
- Tweak: WPCS enhancements.

* Bugfixes:

- Fixed: Security issue CVE ID: CVE-2024-12276.
- Fixed: Custom usermeta table metakeys for filtering in member directory (from `_money_spent` to `wc_money_spent_` and added `wc_order_count_`).
- Fixed: Layout for "Download your data" and "Erase of your data" fields.
- Fixed: Image sizes used for Open Graph meta in User Profile headers are now corrected.
- Fixed: "Delete account text" settings visibility issue in wp-admin.
- Fixed: The "Privacy Policy" field in the registration form. Disallowed HTML from the "Privacy Policy" content (like `<form>`) is filtered out by the `wp_kses()` function.
- Fixed: Password fields are now sanitized the WordPress native way, with `wp_unslash()` omitted post-submission.

* Templates required update:

- gdpr-register.php
- profile.php

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade *

2.9.2 2025-01-14​

Enhancements

• Added: Compatibility with the new Ultimate Member – Zapier extension
• Added: Only approved user Reset Password setting defined as true by default
• Added: UM()->is_new_ui() function for future enhancements related to new UI
• Added: Filter hook um_before_user_submitted_registration_data
• Tweak: Changed hook’s priority for initialization of email templates paths
• Tweak: Removed load_plugin_textdomain due to (article)[https://make.wordpress.org/core/202...-support-for-only-using-PHP-translation-files]

Bugfixes

• Fixed: Security issue CVE ID: CVE-2025-0308
• Fixed: Security issue CVE ID: CVE-2025-0318
• Fixed: Using placeholders in email templates when Action Scheduler is active. Using fetch_user_id attribute for fetching necessary user before sending email
• Fixed: PHP 8.4 compatibility. Using WordPress native wp_is_mobile() instead of MobileDetect library
• Fixed: PHP errors related to UM()->localize() function
• Fixed: PHP errors in user meta header when last_update meta is empty
• Fixed: Small CSS changes and avoid duplicates
• Fixed: Removed ms-native show password button for type=”password” field in UM forms
• Fixed: Define scalable attribute for cropper

Deprecated

• Fully deprecated UM()->mobile() function
• Fully deprecated UM()->localize() function
• Fully deprecated um_language_textdomain filter hook

Templates required update

• account.php

Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

2.9.0 2024-11-12​

Enhancements

• Added: Action Scheduler (version 3.8.1) for email sending. More info is here.
• Added: Supporting new wp_register_block_metadata_collection() function for registering WP Blocks

Bugfixes

• Fixed: ajax_image_upload() and ajax_resize_image() handlers vulnerability. CVE ID: CVE-2024-10528
• Fixed: Disabling user status column wp-admin > Users screen
• Fixed: User status filter on wp-admin > Users on mobile devices
• Fixed: Extra unwrapping of the WP Editor field’s value

Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

2.8.9 2024-10-14​

Enhancements

• Added: Using PHP tidy extension (if it’s active) to make HTML textarea value clear
• Added: um_tidy_config filter hook for setting PHP tidy config
• Tweak: Avoid using force set_status() function.
• Tweak: Properly using UM()->common()->users()->get_status( $user_id ) instead of um_user( 'account_status' )
• Tweak: Properly using UM()->common()->users()->get_status( $user_id, 'formatted' ) instead of um_user( 'account_status_name' )
• Tweak: Properly using um_user( 'status' ) for getting user role setting while registration

Bugfixes

• Fixed: UM tipsy removing inside .um-page selector (e.g. tipsy init from um-modal)
• Fixed: Rollback using <iframe> for displaying HTML formatted textarea value
• Fixed: Capability to edit user profile for Administrator when user doesn’t have a capability to edit its profile
• Fixed: Sending email notifications based on user status after registration
• Fixed: PHP error when meta um_member_directory_data has a wrong format

Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

2.8.7 2024-10-01​

Enhancements

• Added: Single user actions on WP Users list table
• Updated: User status filter on WP Users list table
• Updated: User bulk actions on WP Users list table
• Updated: User actions on User Profile and Member Directory card
• Added: Applying shortcodes in the post restriction message
• Added: ProfilePage Structured Data
• Added: Ability to use HTML tags (allowed in wp_kses_post) in the global block restriction message
• Changed: Some wp-admin fields descriptions
• Updated: Data format in um_admin_bulk_user_actions_hook filter hook. Changed format from $action_slug => array( 'label' => $action_title ) to $action_slug => $action_title
• Added: $old_status param to um_after_user_status_is_changed action hook
• Added: $user_id param to um_before_user_hash_is_changed action hook
• Added: $user_id, $hash, $expiration params to um_after_user_hash_is_changed action hook
• Added: um_restricted_post_content filter hook
• Added: um_loggedin_inner_content filter hook
• Added: um_profile_dynamic_meta_profile_schema filter hook
• Removed: UM()->fields()->get_restricted_fields_for_edit() function from a fields loop

2.8.6 2024-05-22​

Enhancements

• Added: Member Directory > Admin Filtering supports datepicker and timepicker filter-types with only “From” or “To” filled value
• Added: Ability to customize modal templates upload-single.php and view-photo.php
• Added: New FontAwesome library. Version 6.5.2

= 2.8.3: February 19, 2024 =

* Enhancements:

- Added: Link to the Ultimate Member docs
- Tweak: Ultimate Member > Settings redesign. More details about setting up. Tooltips changed to descriptions.

* Bugfixes:

- Fixed: Member directory queries to custom usermeta table properly escaped and validated
- Fixed: Member directory custom sorting when wp_usermeta table is used
- Fixed: aria-invalid attribute for the user description field
- Fixed: wp_kses protocols for email notifications content
- Fixed: PHP notice while registration form validation
- Fixed: Field validations (English letters, Alpha-numeric types)
- Fixed: Hidden buttons in the modal when uploading profile and cover photo
- Fixed: Theme updater log message
- Fixed: Search line shortcode layout
- Fixed: PHP notice while login form submission
- Fixed: Email notifications HTML layout
- Fixed: Default email notification body color
- Fixed: Ignore username slug when custom meta slug exists when parse user from query

* Templates required update:

- email/notification_deletion.php
- email/notification_new_user.php
- email/notification_review.php
- email/welcome_email.php
- password-change.php

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade