The #1 User Profile & Membership Plugin for WordPress
Ultimate Member offers a range of features including user profiles, member directories, user registration/login, user role editing, content restriction
Download Ultimate Member Core Plugin v2.4.1 Nulled
= 2.4.1: June 13, 2022 =
* Enhancements:
- Added: Number-type Ultimate Member custom fields to the list of the sorting fields on the member directory
* Bugfixes:
- Fixed: XSS issue related to the JS confirmation and links with JS code inside
- Fixed: PHP error when `um_options` option in wp_options table doesn't exist or has wrong format
- Fixed: select2 styles for RTL languages
- Fixed: Using slashes in the `Choices callback`...
Download Ultimate Member Core Plugin v2.4.2 Nulled
= 2.4.2: July 14, 2022 =
* Bugfixes:
- Fixed: Member Directory vulnerabilities
- Fixed: 3rd-party integration with profile tabs and ability to show edit profile form on the 3rd-party profile tab
- Fixed: PHP fatal error on unset
- Fixed: select2 style conflicts with 3rd-party plugins
* Enhancements:
- Added: Custom fields callbacks blacklist. Use `um_dropdown_options_source_blacklist` filter for adding your custom functions to the custom callbacks blacklist. By default there are all PHP internal functions.
* Enhancements:
- Added: Custom dropdown callback functions security enhancements. Avoid using blacklisted functions through namespace or uppercase format
- Added: Validation for upgrade package in wp-admin
- Added: `Change Password request limit` option for prevent from any brute-force attacks or password guessing with the form
- Added: Strong password checking for not using username|email inside the password
- Added: `um_custom_authenticate_error_codes` hook for handling 3rd-party login...
* Bugfixes:
- Fixed: Plugin upgrade DB initialization and PHP Fatal Error.
- Enhancements:
- Added: TikTok, Twitch and Reddit fields
- Added: Handler of restriction settings for blog page
- Added: Support of the <iframes> inside textarea with enabled the “HTML using” option
- Added: ‘um_get_field_date’ hook for filtering date fields
- Added: UM()->get_allowed_html() function for using it inside wp_kses allowed HTML tags
- Bugfixes:
- Fixed: Redirect to some links when content is restricted. Using esc_url_raw() instead of...
* Enhancements:
- Added: Hook arguments ($form_id, $not_searched) to 'um_members_directory_head'
- Added: Using user locale `get_user_locale()` for localization with the 1st priority
- Added: Hooks to change the profile SEO image: 'um_profile_dynamic_meta_image_size', 'um_profile_dynamic_meta_image_type'
- Added: Filter for making 3rd-party roles editable through Ultimate Member interfaces. Use 'um_extend_editable_roles' and pass there an array of role keys( e.g. 'editor'...
- Bugfixes:
- Fixed: Email notifications sending
- Fixed: File and Image uploaders and allowed types data for them
- Fixed: Content field-type editor in wp-admin Form Builder
- Fixed: Image and File uploaders max size saving in wp-admin Form Builder
- Fixed: Password Confirm field and validation
- Fixed: Form Builder row editing
- Fixed: Spotify URL user URL display on user profile
- Fixed: Spotify URL validation
- Bugfixes:
- Fixed: A privilege escalation vulnerability used through UM Forms. Known in the wild that vulnerability allowed strangers to create administrator-level WordPress users. Please update immediately and check all administrator-level users on your website.
- Fixed: Displaying fields on Account page > Privacy > Member directory settings
- Fixed: Allowed types for the file field
- Fixed: Disabled weekdays for the datepicker field
- Fixed: Empty mail From data when there isn't set an option
- Fixed: Nonce validation for the admin actions handler
- Fixed: REST API endpoint List Pages redirecting to the homepage
- Fixed: Standardize the 'editable' attribute for the UM fields and hooks that can extend these fields
- Fixed: Redirection from default WordPress registration to UM registration page (if it's not a published)
* Enhancements:
- Added: Site Health sections
- Added: oEmbed field type
- Added: YouTube field type supports YouTube Shorts links
- Added: Profile permalink base options: Unique hash, Custom usermeta
- Added: UM Form meta `um_form_version` for legacy support in the future
- Added: Setting "Deleting user comments after deleting a user" for WordPress native logic workaround
- Added: `aria-invalid` and `aria-errormessage` attributes to the fields on UM Forms
- Updated...
* Enhancements:
- Updated: Twitter texts to X
- Added: Safeguards against clickjacking attacks on UM Forms
* Bugfixes:
- Fixed: Displaying notice to avoid using wrong symbols
- Fixed: UM > Settings button styles
- Fixed: Error notice when creating page via extensions
- Fixed: Workaround for Cropper.JS if UM.frontend.cropper.obj undefined (Cropper hasn't been properly inited for UM objects)
- Fixed: The visibility of sub-items of hidden menu items
* Enhancements:
- Added: The `data` protocol for embedding base64 encoded logos in emails
- Added: Hook `um_access_restricted_post_instance` for filtering the restricted post instance
- Added: Shortcode `[um_author_profile_link]` for getting user Profile URL
- Updated: Using underscore.js native debounce method for resize handler
- Updated: Texts spelling
* Bugfixes:
- Fixed: AJAX requests conflict with `um_current_locale` attribute
- Fixed: Pickadate styling (Date & Time...
**Enhancements**
* Tweak: Added separate file for full changelog. readme.txt shows only a few latest versions
**Bugfixes**
* Fixed: Member directory data sanitizing (CVE-2024-2123)
* Fixed: Activation link time changed from seconds to days
* Fixed: Password validation error
* Fixed: Password reset url for the approved user who didn't set their password after registration without password
* Fixed: Conflict with WebP Uploads