4.10.1
·
162 commits
to development
since this release
Changelog
- Fixed: Update language strings.
- Security: Stored XSS via
[futureaction]shortcode (CVE-2026-5247, CVSS 5.5 Medium). Insufficient input sanitization allowed authenticated attackers (administrator-level or lower-privileged users when the shortcode is available to them) to inject arbitrary web scripts into pages. Thanks to zaim for the responsible disclosure.