KISS-WP-admin-menu-useful-links/CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.6.0] - 2025-08-15

🚨 CRITICAL SECURITY FIXES

• FIXED: Critical nonce verification bypass vulnerability
  • Added proper nonce verification in kwamul_sanitize_links_options() function
  • Previously, nonce was only checked in display function, not during actual form processing
  • This prevented CSRF attacks on settings updates
• FIXED: URL validation security vulnerability
  • Implemented comprehensive kwamul_validate_url() function
  • Blocks dangerous protocols (javascript:, data:, vbscript:, etc.)
  • Prevents XSS attacks while maintaining relative path support
  • Validates URL structure and blocks malicious patterns
• IMPROVED: Superglobal access pattern
  • Updated $_GET access to use null coalescing operator
  • Follows WordPress coding standards more closely

Security

• All critical and high-priority security issues resolved
• Plugin now follows WordPress security best practices
• Ready for production use with enhanced security posture

[1.5.0] - Previous Release

Added

• Priority system for link ordering
• Frontend and backend link separation
• Transient caching for improved performance
• Comprehensive admin interface with tabs

Changed

• Improved code structure and documentation
• Enhanced user interface
• Better error handling

Fixed

• Various minor bugs and improvements

[1.4.0] - Previous Release

Added

• Multiple link support (up to 5 links)
• Admin settings page
• Proper sanitization and validation

[1.3.0] - Previous Release

Added

• Basic functionality for adding custom links to admin bar
• WordPress admin integration

[1.0.0] - Initial Release

Added

• Initial plugin structure
• Basic link functionality