4.23.13

Fixed

• Security vulnerability that allows subscribers to send a support contact (CVE-2024-9583).

4.23.11

Fixed

• The previous version introduced a bug that omitted the user-agent header from RSS feed requests.

4.23.10

Fixed

• Some feeds were wrongly deemed to be invalid due to how cURL sends the user-agent string.

4.23.9

Fixed

• Fixed a cross-site scripting vulnerability when an admin notice ID is invalid.

v4.23.7

Fixed

• Media thumbnail images without a MIME type were not being properly detected.

v4.23.6

Changed

• Error information is suppressed for feeds with local address URLs. This improves the previous fix for CVE-2024-0628.

v4.23.5

Fixed

• Error messages no longer reveal information about potentially inaccessible resources. (CVE-2024-0628)
• JavaScript code in feed item URLs is now properly sanitized and escaped. (CVE-2024-0630)
• Word trimming did not work correctly when posts had leading whitespace.
• The Templates page did not load properly on some websites.

4.23.4

Added

• Black Friday offer links.

Changed

• Updated the "More Features" page.

4.23.3

Changed

• Disabled the deactivation poll.

4.23.2

Added

• An important notice regarding the upcoming major update that will require PHP 7.4 or higher.

Changed

• Twig date translation can now be disabled using the wpra/twig/use_translations filter.

Fixed

• Some PHP 8 compatibility issues.
• Corrected how images are searched in the content and excerpt of an item.