Ultimate Member Core Plugin v2.10.5 Nulled + Extensions

Decryption key:

To view the content, you need to Sign In or Register.

Ultimate Member Core Plugin v2.10.5 Nulled + Extensions

= 2.10.5 June 25, 2025 =

* Enhancements:

- Added: Filter hook [`um_password_reset_form_primary_btn_classes`](https://ultimatemember.github.io/ultimatemember/hooks/um_password_reset_form_primary_btn_classes.html) for primary button classes in UM Password Reset form.
- Added: Filter hook [`um_login_form_primary_btn_classes`](https://ultimatemember.github.io/ultimatemember/hooks/um_login_form_primary_btn_classes.html) for primary button classes in UM Login form.
- Added: Filter hook [`um_register_form_primary_btn_classes`](https://ultimatemember.github.io/ultimatemember/hooks/um_register_form_primary_btn_classes.html) for primary button classes in UM Registration form.
- Tweak: Refactored Site Health data, added hooks for 3rd-party integration.
- Tweak: Avoid using `um_user( 'password_reset_link' )` and make it directly with `UM()->password()->reset_url( $user_id )` for getting a proper reset URL.
- Tweak: Avoid using `um_user( 'account_activation_link' )` and make it directly with `UM()->permalinks()->activate_url( $user_id )` for getting a proper activation URL.

* Bugfixes:

- Fixed: Stripped shortcodes in the user data during the Account, Registration and Profile forms submission. (Thanks to [MissVeronica](https://github.com/MissVeronica))
- Fixed: Email placeholders values.
- Fixed: Refactor deactivation logic to un-schedule Action Scheduler actions.
- Fixed: Action Scheduler library errors. Updated to the recent 3.9.2 version.
- Fixed: Secondary email field validation.
- Fixed: Action Scheduler batch actions with users who have Undefined status.
- Fixed: Restrictions for 3rd-party Gutenberg Blocks.
- Fixed: Date/time picker filter-types range query on Member Directories.
- Fixed: Renamed "Macedonia, the former Yugoslav Republic of" to the official "North Macedonia".

* Deprecated:

- Fully deprecated `account_activation_link_tags_patterns( $placeholders )` function. It's not used previously. Used email function arguments instead.
- Fully deprecated `account_activation_link_tags_replaces( $replace_placeholders )` function. It's not used previously. Used email function arguments instead.
- Fully deprecated `UM()->profile()->add_placeholder()` function. Used email function arguments instead.
- Fully deprecated `UM()->profile()->add_replace_placeholder()` function. Used email function arguments instead.
- Fully deprecated `UM()->user()->add_activation_placeholder()` function. Used email function arguments instead.
- Fully deprecated `UM()->user()->add_activation_replace_placeholder()` function. Used email function arguments instead.
- Deprecated `UM()->user()->maybe_generate_password_reset_key( $userdata )` function. Use `UM()->common()->users()->maybe_generate_password_reset_key( $userdata )` instead.
- Deprecated `UM()->user()->set_last_login()` function. Use `UM()->common()->users()->set_last_login( $user_id )` instead.

* Templates required update:

- password-reset.php

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade *

Decryption key:

To view the content, you need to Sign In or Register.

= 2.10.4 May 15, 2025 =

* Bugfixes:

- Fixed: Security issue CVE ID: CVE-2025-47691. Used "sniccowp/php-scoper-wordpress-excludes" for getting the recent WordPress functions list and added them to the dynamic blacklist based on the WordPress version.
- Fixed: The Action Scheduler action `um_set_default_account_status`. Case when some users were approved manually or deleted, and we need to reset the admin notice. Added `error_log()` to the wrong conditions.
- Fixed: Reset Password request from not a predefined password reset page. It's possible to submit reset password form sitewide using block or shortcode.
- Fixed: Setting 'Allow users to change email' for the Account page. It works now for any role instead of only the roles with 'Can edit other member accounts?' capability enabled.

Decryption key:

To view the content, you need to Sign In or Register.

Download Ultimate Member Core Plugin v2.10.3 Nulled Free
= v2.10.3 April 24, 2025 =
* Enhancements:

- Added: The `Ignore the "User Role > Registration Options"` setting. It provides an ability to auto-approve users if they were created via wp-admin > Users screen.
- Tweak: Avoid email notifications to Administrator about user registration via wp-admin > Users screen.
- Tweak: Updated the Action Scheduler implementation to improve flexibility and clarity. Refactor Action Scheduler for not only email handling.

* Bugfixes:

- Fixed: Member Directory styles when it's rendered on the Gutenberg builder page.
- Fixed: Member Directory filtering query when the custom users metatable is used.
- Fixed: PHP Warning that occurs when using the `getimagesize` function with an image from an external source.
- Fixed: Reset Password email notification's the {password_reset_link}` placeholder.
- Fixed: Changed "Turkey" to the current official term "Türkiye".

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade *

Decryption key:

To view the content, you need to Sign In or Register.

Download Ultimate Member Core Plugin v2.10.1 Nulled Free
= v2.10.1 March 03, 2025 =
* Bugfixes:
- Fixed: Security issue CVE ID: CVE-2025-1702.
- Fixed: Activation link redirects to Reset Password after registration without password field and required email activation.
- Fixed: Honeypot scripts/styles for themes without pre-rendered shortcodes. Enqueue honeypot scripts/styles everytime.
- Fixed: Profile photo metadata when Gravatar image is used.
* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade *

Decryption key:

To view the content, you need to Sign In or Register.

Download Ultimate Member Core Plugin v2.10.0 Nulled Free
= v2.10.0 February 18, 2025 =
* Enhancements:

- Added: User Profile `form-id` attribute and updated code for Profile/Cover photos actions dropdowns.
- Added: Honeypot scripts/styles via `wp_add_inline_script()`, `wp_add_inline_style()` changed from direct adding in header and footer.
- Updated: We've made improvements to requests for extension updates to boost stability.
- Updated: PHP requirement - the minimum PHP version is now upgraded to 7.0.
- Updated: Using $wpdb and WPCS for queries. Set minimum required version to 6.2 due to using %i for `$wpdb->prepare()`.
- Updated: Revised wp-admin user actions handling. Now, the required capability is `edit_users` instead of `manage_options`.
- Removed: User Profile hidden inputs on view mode.
- Tweak: WPCS enhancements.

* Bugfixes:

- Fixed: Security issue CVE ID: CVE-2024-12276.
- Fixed: Custom usermeta table metakeys for filtering in member directory (from `_money_spent` to `wc_money_spent_` and added `wc_order_count_`).
- Fixed: Layout for "Download your data" and "Erase of your data" fields.
- Fixed: Image sizes used for Open Graph meta in User Profile headers are now corrected.
- Fixed: "Delete account text" settings visibility issue in wp-admin.
- Fixed: The "Privacy Policy" field in the registration form. Disallowed HTML from the "Privacy Policy" content (like `<form>`) is filtered out by the `wp_kses()` function.
- Fixed: Password fields are now sanitized the WordPress native way, with `wp_unslash()` omitted post-submission.

* Templates required update:

- gdpr-register.php
- profile.php

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade *

Decryption key:

To view the content, you need to Sign In or Register.

Download Ultimate Member Core Plugin v2.9.2 Nulled Free
= v2.9.2 January 14, 2025 =
* Enhancements:
- Added: Compatibility with the new [Ultimate Member - Zapier](https://ultimatemember.com/extensions/zapier/) extension
- Added: Only approved user Reset Password setting defined as true by default
- Added: `UM()->is_new_ui()` function for future enhancements related to new UI
- Added: Filter hook `um_before_user_submitted_registration_data`
- Tweak: Changed hook's priority for initialization of email templates paths
- Tweak: Removed `load_plugin_textdomain` due to (article)[https://make.wordpress.org/core/202...-support-for-only-using-PHP-translation-files]

* Bugfixes:
- Fixed: Security issue CVE ID: CVE-2025-0308
- Fixed: Security issue CVE ID: CVE-2025-0318
- Fixed: Using placeholders in email templates when Action Scheduler is active. Using `fetch_user_id` attribute for fetching necessary user before sending email
- Fixed: PHP 8.4 compatibility. Using WordPress native `wp_is_mobile()` instead of MobileDetect library
- Fixed: PHP errors related to `UM()->localize()` function
- Fixed: PHP errors in user meta header when `last_update` meta is empty
- Fixed: Small CSS changes and avoid duplicates
- Fixed: Removed ms-native show password button for type="password" field in UM forms
- Fixed: Define scalable attribute for cropper

* Deprecated:
- Fully deprecated `UM()->mobile()` function
- Fully deprecated `UM()->localize()` function
- Fully deprecated `um_language_textdomain` filter hook

* Templates required update:
- account.php

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

Decryption key:

To view the content, you need to Sign In or Register.

* Enhancements:
- Added: `um_image_upload_validation` hook for 3rd-party validation during upload images

* Bugfixes:
- Fixed: "Load textdomain just in time" issue
- Fixed: Capabilities checking in the wp-admin > Users list table
- Fixed: File/image upload on the role specific profile form
- Fixed: Issues when the form's custom fields meta has a wrong format
- Fixed: Validation of the "Registration Default Role" slug
- Fixed: Allowed query variables via registered REST API class only when REST_REQUEST is defined

Decryption key:

To view the content, you need to Sign In or Register.

* Enhancements:
- Added: Action Scheduler (version 3.8.1) for email sending. More info is [here](https://actionscheduler.org/)
- Added: Supporting new `wp_register_block_metadata_collection()` function for registering WP Blocks

* Bugfixes:
- Fixed: `ajax_image_upload()` and `ajax_resize_image()` handlers vulnerability. CVE ID: CVE-2024-10528
- Fixed: Disabling user status column wp-admin > Users screen
- Fixed: User status filter on wp-admin > Users on mobile devices
- Fixed: Extra unwrapping of the WP Editor field's value

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

Decryption key:

To view the content, you need to Sign In or Register.

• Fixed: Download routing initialization
• Fixed: Textarea height and HTML formatted textarea field height isolated via <iframe> on view mode
• Fixed: User registration if email activation or admin review are required
• Fixed: First installation errors

Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

Decryption key:

To view the content, you need to Sign In or Register.

• Added: Member Directory > Admin Filtering supports datepicker and timepicker filter-types with only “From” or “To” filled value
• Added: Ability to customize modal templates upload-single.php and view-photo.php
• Added: New FontAwesome library. Version 6.5.2