Recent Updates
Security
- Expanded validation of Event Aggregator imports for all statuses.
Languages
- 0 new strings added, 0 updated, 0 fuzzied, and 0 obsoleted.
Security
- Added additional escaping and sanitization to the Sequoia (Multi-Step Form) template settings and donation form markup (CVE-2026-13704).
Security
- Tightened up Stripe checkout validation.
Security
- Tightened security around REST API endpoints.
Security
- Standardized email access confirmation AJAX responses to prevent distinguishable server responses.
- Added additional escaping and sanitization to the Campaign Comments block and shortcode attributes (CVE-2026-13246).
Security
- Hardened capability checks in the pattern and template import process.
- Enhanced authorization checks on the performance optimizer data endpoints.
Fixes
- Resolved a race condition where two concurrent WooCommerce order-completion events for the same order could create duplicate groups and fire the group-creation automation twice.
- Resolved an issue where a product-level Group Registration bulk discount was shown on the product page but not applied in the cart or checkout.
- Resolved an issue where the group registration metabox would not show on the edit group page in the admin.
- Prevented a double member discount from being applied in the cart for Individual group purchases when WooCommerce Memberships is active.
- Resolved an issue where group courses could not be added or removed on the group edit screen when the Classic Editor was active and the Group Registration add-on was enabled.
- Resolved an issue where the dynamic group dropdown ("increase seats to existing group" / "add courses to existing group") did not appear on Simple Subscription products and did not list the existing group on Variable Subscription products when a group leader revisited the product page.
Tweaks
- Added actions:
learndash_seats_plus_version_downgraded_to_{$version},learndash_seats_plus_version_downgraded,learndash_seats_plus_version_upgraded_to_{$version},learndash_seats_plus_version_upgraded. - Added filters:
ldgr_should_apply_stored_line_price.
Fixes
- Resolved an issue where reCAPTCHA was not loading on the login form shown after a successful password reset.
- Resolved an issue where the Login Modal would show "Incorrect username or password" instead of the captcha error.
- Resolved an issue where the reCAPTCHA scripts and security nonce were not injecting on "Latest posts" homepages when login is triggered via a navigation menu item.
Fixes
- Improved ThriveCart webhook handling by decoding JSON payload fields correctly and hardening payload validation/sanitization.
Security
- Updated Swiper library v5.3.6 to v12.2.0 for security improvements.
Languages
- 0 new strings added, 0 updated, 0 fuzzied, and 0 obsoleted.
