- Patched critical PHP Object Injection vulnerability (CVE-2024-2172) as reported by Wordfence
- Replaced all unserialize() and maybe_unserialize() usage on user-controlled and database fields with secure JSON decoding
- Hardened all admin, export, and meta/option data handling against object injection
- Improved input validation and sanitization throughout the plugin
- Fixed 'A non-numeric value encountered' warning in open seats calculation on dashboard
- Updated plugin version to 2.6.3
