
Changeset 3358927


Timestamp:
09/10/2025 03:37:01 AM (6 months ago)
Author:
a3rev
Message:

2.8.4 - 2025/09/09

  • This release has a security vulnerability patch, plus compatibility with WordPress 6.8.2 and WooCommerce 10.1.2.
  • Tweak - Tested for compatibility with WordPress 6.8.2
  • Tweak - Tested for compatibility with WooCommerce 10.1.2
  • Security - Fixed a Cross-Site Request Forgery (CSRF) vulnerability in AJAX requests
Location:
wp-email-template/trunk
Files:
6 edited

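--- a/wp-email-template/trunk/admin/admin-interface.php
+++ b/wp-email-template/trunk/admin/admin-interface.php
@@ -52,6 +52,4 @@
         // AJAX hide yellow message dontshow
         add_action( 'wp_ajax_'.$this->plugin_name.'_a3_admin_ui_event', array( $this, 'a3_admin_ui_event' ) );
-        add_action( 'wp_ajax_nopriv_'.$this->plugin_name.'_a3_admin_ui_event', array( $this, 'a3_admin_ui_event' ) );
-
     }
 
@@ -174,4 +172,10 @@
     public function a3_admin_ui_event() {
         check_ajax_referer( $this->plugin_name. '_a3_admin_ui_event', 'security' );
+
+        // Verify user has proper capabilities.
+        if ( ! current_user_can( 'manage_options' ) ) {
+            wp_die( __( 'You do not have sufficient permissions to access this page.', 'wp-email-template' ) );
+        }
+
         if ( isset( $_REQUEST['type'] ) ) {
             switch ( trim( sanitize_text_field( wp_unslash( $_REQUEST['type'] ) ) ) ) {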
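Review bot: The capability check added at new lines 175-178 denies with a bare `wp_die()`, and under WordPress's AJAX die handler that is sent as HTTP 200 with the message as the body, while a nonce failure on the `check_ajax_referer()` line just above already answers 403, so the calling script cannot distinguish a refused request from a successful one. Give the denial an explicit status, `wp_die( __( 'You do not have sufficient permissions to access this page.', 'wp-email-template' ), '', array( 'response' => 403 ) );`, or switch to `wp_send_json_error()` if the handler's clients expect JSON. Note that the nonce check on line 173 is a context line that predates this commit, so what this hunk actually closes is a missing authorization check (and, with the `wp_ajax_nopriv_` registration removed above, reachability without a session), not the CSRF hole the changelog names; the release note would be more useful if it said so. `manage_options` may also be stricter than the capability the plugin's settings screen is registered with, so lower-privileged users who are shown the notice could lose the ability to dismiss it — worth confirming the two agree. The body of `a3_admin_ui_event()` continues past the hunk.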
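--- a/wp-email-template/trunk/admin/email-init.php
+++ b/wp-email-template/trunk/admin/email-init.php
@@ -53,5 +53,5 @@
 
 add_action('wp_ajax_preview_wp_email_template', array('\A3Rev\EmailTemplate\Hook_Filter', 'preview_wp_email_template') );
-add_action('wp_ajax_nopriv_preview_wp_email_template', array('\A3Rev\EmailTemplate\Hook_Filter', 'preview_wp_email_template') );
+// Removed wp_ajax_nopriv_ action for security - preview should only be available to logged-in users
 
 // Compatibility with Formidable plugin with disable the encoding subject title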
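--- a/wp-email-template/trunk/classes/class-email-exclude-subject-data.php
+++ b/wp-email-template/trunk/classes/class-email-exclude-subject-data.php
@@ -14,9 +14,5 @@
 
     public function __construct() {
-        if ( is_admin() ) {
-            // Ajax Update Portfolio Feature Order
-            add_action( 'wp_ajax_portfolio_update_feature_order', array( $this, 'portfolio_update_feature_order' ) );
-            add_action( 'wp_ajax_nopriv_portfolio_update_feature_order', array( $this, 'portfolio_update_feature_order' ) );
-        }
+
     }
 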
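Review bot: Deleting the whole `is_admin()` block drops the logged-in `wp_ajax_portfolio_update_feature_order` registration together with the `nopriv` one, so any admin script that still posts `action=portfolio_update_feature_order` now receives WordPress's `0` response instead of reaching the handler, and `__construct()` is left holding only a stray blank line. If the intent is to retire the endpoint, the `portfolio_update_feature_order` method — outside this hunk, so presumably still defined on the class — should be removed or marked `@deprecated` and its JS caller checked; if the endpoint is still needed, keep the `wp_ajax_` line and put the nonce and capability checks inside the handler instead, as the other two handlers in this changeset do. Either way the now-empty constructor can be dropped entirely, or at least collapsed to `public function __construct() {}` with a one-line comment explaining why no hooks are registered here any more.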
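--- a/wp-email-template/trunk/classes/class-email-hook.php
+++ b/wp-email-template/trunk/classes/class-email-hook.php
@@ -154,4 +154,9 @@
     public static function preview_wp_email_template() {
         check_ajax_referer( 'preview_wp_email_template', 'security' );
+
+        // Verify user has proper capabilities.
+        if ( ! current_user_can( 'manage_options' ) ) {
+            wp_die( __( 'You do not have sufficient permissions to access this page.', 'wp-email-template' ) );
+        }
 
         $email_heading = __('Email preview', 'wp-email-template' );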
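Review bot: The capability check at new lines 157-160 calls `wp_die()` with no status code, so in this AJAX context the denial goes out as HTTP 200 with the message as the body, whereas a failed `check_ajax_referer()` on line 155 already returns 403; pass the status explicitly, `wp_die( __( 'You do not have sufficient permissions to access this page.', 'wp-email-template' ), '', array( 'response' => 403 ) );`. Because this handler appears to go on to render an HTML preview (it starts building `$email_heading` right after the check), `wp_die()` with a status is the right shape here rather than `wp_send_json_error()`, which would put JSON into whatever iframe or window displays the preview. The added comment restates the code; it would carry more information as a contract, e.g. `// The nonce only proves the request came from our page; it does not prove the user may see email content, so require manage_options.`. The rest of `preview_wp_email_template()` lies outside the hunk.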
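--- a/wp-email-template/trunk/readme.txt
+++ b/wp-email-template/trunk/readme.txt
@@ -3,6 +3,6 @@
 Tags: wordpress email template, wordpress email, email, email template, contact, contact forms,  wp e-commerce email, woocommerce email, contact form 7, e-commerce email, comment forms, comments, forms
 Requires at least: 6.0
-Tested up to: 6.8
-Stable tag: 2.8.3
+Tested up to: 6.8.2
+Stable tag: 2.8.4
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
@@ -149,4 +149,10 @@
 
 == Changelog ==
+
+= 2.8.4 - 2025/09/09 =
+* This release has a security vulnerability patch, plus compatibility with WordPress 6.8.2 and WooCommerce 10.1.2.
+* Tweak - Tested for compatibility with WordPress 6.8.2
+* Tweak - Tested for compatibility with WooCommerce 10.1.2
+* Security - Fixed a Cross-Site Request Forgery (CSRF) vulnerability in AJAX requests
 
 = 2.8.3 - 2024/07/13 =
@@ -851,4 +857,7 @@
 == Upgrade Notice ==
 
+= 2.8.4 =
+This release has a security vulnerability patch, plus compatibility with WordPress 6.8.2 and WooCommerce 10.1.2.
+
 = 2.8.3 =
 This release has various tweaks for compatibility with WordPress 6.6 and WooCommerce 8.9.3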
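--- a/wp-email-template/trunk/wp-email-template.php
+++ b/wp-email-template/trunk/wp-email-template.php
@@ -4,7 +4,7 @@
 Plugin URI: http://a3rev.com/shop/wp-email-template/
 Description: This plugin automatically adds a professional, responsive, customizable, email browser optimized HTML template for all WordPress and WordPress plugin generated emails that are sent from your site to customers and admins. Works with any WordPress plugin including the e-commerce plugins WooCommerce and WP e-Commerce.
-Version: 2.8.3
+Version: 2.8.4
 Requires at least: 6.0
-Tested up to: 6.8
+Tested up to: 6.8.2
 Author: a3rev Software
 Author URI: https://a3rev.com/
@@ -12,5 +12,5 @@
 Domain Path: /languages
 WC requires at least: 6.0.0
-WC tested up to: 9.8.0
+WC tested up to: 10.1.2
 License: This software is under commercial license and copyright to A3 Revolution Software Development team
 
@@ -39,5 +39,5 @@
 define( 'WP_EMAIL_TEMPLATE_KEY', 'wp_email_template' );
 define( 'WP_EMAIL_TEMPLATE_PREFIX', 'wp_email_template_' );
-define( 'WP_EMAIL_TEMPLATE_VERSION', '2.8.3' );
+define( 'WP_EMAIL_TEMPLATE_VERSION', '2.8.4' );
 define( 'WP_EMAIL_TEMPLATE_G_FONTS', true );
 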