WP Extended Pro

WP Extended Pro 3.2.7 Nulled

No permission to download
### Features
- **Public Preview Links** (new Pro module): Generate publicly accessible preview links for draft, pending, scheduled, and private posts so reviewers can view unpublished content without logging in. Native integration in both the block editor (sidebar panel) and classic editor (meta box), with expiring tokens, one-click copy, and revoke.
- **Custom User Avatar** (new module): Upload a custom profile picture from the WordPress profile screen, with live preview and one-click revert to Gravatar. Applies site-wide.
- **Admin Customiser**: Defers to each user's WordPress admin colour scheme — custom colours only apply where explicitly set.
- **Admin Customiser**: New "Item Hover Background Colour" setting for admin bar items.
- **Licensing**: Migrated to FluentCart. Existing licences keep working with no action needed.

### Fixes
- **Duplicate Post**: "Duplicate" button could disappear in the block editor or fail to identify the post in the classic editor. Now stays put and works in both.
- **Quick Add Post**: "New" button could vanish from the block editor toolbar after editor changes. Now stays visible.
- **Admin Customiser**: Fixed the sidebar menu flashing the default colour on hover.
- **Maintenance Mode**: Synced the default body text between the settings screen and the live page.

### Improvements
- **Admin Customiser**: Unified colour field labels across the Admin Bar and Sidebar tabs.
### Features
- **SMTP Email**: Added third-party email provider integrations (Brevo, SendGrid, Postmark, SparkPost, Emailit, ToSend) as alternatives to raw SMTP credentials. Refactored module into a handler architecture with `EmailHandlerInterface`, `BaseEmailHandler`, and `ProviderRegistry`; `SmtpHandler` is now a thin orchestrator that delegates to the active provider.
- **SMTP Email**: API key verify button with real connection test, improved email logs with auto-refresh, status badges, and error tooltips.
- **Maintenance Mode**: Admin bar one-click toggle with role-based permissions (Pro). New `POST /wpextended/v1/maintenance-mode/toggle` REST endpoint with nonce verification and role-based permission checks.
- **Global**: New `uninstall.php` runs destructive cleanup only when the plugin is uninstalled and `remove_plugin_data` is enabled; deactivation is now non-destructive.

### Fixes
- **Debug Mode**: Pro bootstrap kept registering hooks after module disable, leaving a persistent "WP Debug is currently disabled" admin notice. Bootstrap now bails when the parent module is disabled and clears stored notices.
- **Duplicate Post**: Elementor-built pages lost all styles on duplication because the integration called `files_manager->clear_cache()` (a global cache nuke) instead of regenerating per-post CSS. Now uses `Post_CSS::create($postId)->update()` and clears `_elementor_element_cache`.
- **User Last Login**: Last Login column not rendering values in users list table.
- **Folder Manager**: Block editor folder panel returned "could not move to folder" (404). Fixed by switching from WP core `/wp/v2/{postType}/{postId}` to the plugin's `wpextended/v1/folder-manager/items/move` endpoint which handles post type resolution internally.
- **Rollback Manager**: `ArgumentCountError: Too few arguments to function themeActionLink()` crashed the Themes screen on multisite. The `theme_action_links` filter passes 3 args, not 4; callback signature corrected to use the `WP_Theme` object passed as the 2nd arg.
- **SMTP Email**: Download Logs button did not trigger the CSV export. Rendered element switched from a button-style `link` type to an anchor tag with `data-allow-default` so the browser follows the download URL [Pro].

### Security
- **SMTP Email**: The admin-post handler for exporting email logs as CSV did not enforce a capability check. Added `manage_options` gating consistent with the REST log endpoints; non-admin users now receive 403 [Pro].

### Design Rationale
- Cleanup moved out of `Deactivator` and into `uninstall.php` so users can temporarily deactivate the plugin without losing module settings or custom table data.
- SMTP module refactor favours per-provider HTTP handlers over a monolithic SMTP class; each provider implements `EmailHandlerInterface` for consistent send/test behaviour.
- Maintenance Mode admin bar is always visible for users with toggle permission (red when active, neutral when disabled); admins get a settings sub-link, non-admin toggle users only see the toggle.
### Security
- Fixed privilege escalation vulnerability in Menu Editor module that allowed lower-privileged users to gain elevated capabilities
- Restricted disk usage widget to administrators only
- Removed blanket capability grants on dashboard/profile requests

### Design Rationale
- Menu Editor no longer dynamically grants capabilities to users; instead it validates that the current user already holds the required capability before rendering menu items
- SettingsManager capability field now displays a description warning about high-privilege capabilities rather than injecting runtime grants

### Notes & Caveats
- Users who relied on Menu Editor to grant capabilities to lower roles will need to assign those capabilities via a role management plugin instead
* Added: Folder Manager: Folder panel support in media library popup/modal.
* Added: Folder Manager: Refresh functionality and internationalization support.
* Added: Duplicate Post: Element selection filters and per-duplication modal for choosing which elements to duplicate [Pro].
* Improved: Duplicate Post: Enhanced code structure and UI elements.
* Improved: Folder Manager: Styling and UX improvements.
* Fixed: Menu Editor: Replaced persistent capability changes with in-memory filtering to prevent database capability pollution.
* Fixed: Menu Editor: Virtual capabilities now correctly granted for role-based menu access.
* Fixed: Menu Editor: Per-user deny rules now respected in role-based capability grants.
* Fixed: SMTP Email: PHPMailer state not clearing between wp_mail() calls causing recipient accumulation.
* Fixed: Disable XML-RPC: Refined XML-RPC request handling.
* Fixed: Disable Blog: Redirect conflict with SureCart and similar plugins.
* Fixed: Quick Add Post: Button insertion timing and selector updates.
* Added: Folder Manager: Bulk actions for moving multiple items at once.
* Added: Folder Manager: Off canvas sidebar on smaller screens for mobile responsiveness.
* Added: Global: WordPress 6.9 Support.
* Improved: Admin Customiser: HTML support to admin footer text field.
* Fixed: Admin Customiser: Sidebar icon misaligned.
* Fixed: Admin Customiser: Issue with certain icons in settings not loading due to blocked PHP config setting.
* Fixed: SMTP Email: Bug introduced with WordPress 6.9 with sending from certain WordPress configurations.
* Fixed: Duplicate Posts: Post redirect default value.
* Fixed: Code Snippets: Certain whitespace characters in snippets not running and crashing.
* Fixed: Global: Licensing not activating for certain websites.
* Added: Folder Manager: Organize posts and media into folders with drag-and-drop functionality.
* Added: SVG Upload: Support to restrict to specific user roles
* Improved: Menu Editor: Collapse child menu items for easier drag and drop experience
* Fixed: Menu Editor: Some child menu items being appended to top level menu
* Fixed: SVG Upload: Issue with certain SVG's not being uploaded
* Fixed: Quick Search: Docs link
* Fixed: Admin Customiser: Sidebar icons not hiding when option enabled.
* Fixed: Admin Customiser: Remember me option not applying
* Fixed: Admin Customiser: Custom Message not displaying on login page
* Fixed: SMTP Module: Encoding issue with certain special characters
* Fixed: User Last Login: Added default format fallback when not set specifically
* New: Global: CLI support
* New: Post Type Switcher: Added ability to bulk move multiple posts from one post type to another [Pro]
* New: Post Type Switcher: Added ability to change post type in quick edit view
* Fixed: Framework: Rich text editor field not triggering save tray
* Fixed: Clean Profiles: Sections not hiding correctly
* Improvement: Disable Blog: Added filter to prevent default WordPress taxonomies from being deregistered
* Fixed: Media Trash: Notice not hiding after being dismissed or when disabling the module
* Fixed: Media Replace: PDF preview thumbnails not being deleted, causing orphaned preview thumbnails in the media library
* Fixed: Global: License key not activating when importing config via settings
* Fixed: Custom Login URL: Admin customizer login page logo not displaying when using a custom login URL
* Fixed: Duplicate Post: Default settings not being saved when module is enabled, causing duplicate button to not display
* Fixed: Hide Admin Notices: Defaults not being applied to the module when no settings were changed after module activation
Back
Top