Improved: Strengthened security for Authenticated (Contributor+) Remote Code Execution vulnerability
Added: “Talk with AI Assistant” button on the plugin page.
Fixed: Resolved PHP deprecated issues within the plugin.
Fixed: Resolved authenticated (Contributor+) remote code execution vulnerability.
Fixed: Resolved additional security vulnerabilities in the Display Logic feature.
Fixed: Validation to block additional dangerous patterns in Display Logic expressions.
Improved: Validation of widgetopts-settings-nonce to unauthorized settings changes.
no change log for this version on link
https://widget-options.com/changelog/
Added a Dismiss button and fixed the issue with hiding the Migration Notice
Improved: Added the new Display Logic Snippet System
Fix: Resolved issues where Widget Option settings on pages were not saving
Fix: Resolved Authenticated (Contributor+) Remote Code Execution vulnerability in the Display Logic feature
Fix: Resolved Remote Code Execution (RCE) vulnerability
Fix: Resolved Improper Neutralization of Directives in Dynamically Evaluated Code (\'Eval Injection\') vulnerability
Fix: Addressed the issue where widgets were not displaying in certain instances due to the Ignore Year Parameter feature.
Fix: Sanitized input to address Authenticated (Contributor+) Stored Cross-Site Scripting
Fix: Sanitized input to address Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Fix: Added validation for PHP code in Display Logic to block dangerous patterns when saving settings via Ajax
Fix: Fixed vulnerability that could lead to Arbitrary Code Execution (ACE)
Tweak: Improved conditional logic queue for better functionality
Fix: Resolved preg_match(): Unknown modifier \'/\' error in includes/extras.php (line 599)
Fix: Fixed vulnerability that could lead to Arbitrary Code Execution (ACE) and Remote Code Execution (RCE)
full change log on link
https://widget-options.com/changelog/