Advanced Members for ACF

1.2.7

• Security: Addressed Plugin Check Program (PCP) security and coding standards findings

1.2.6

• Security: Fixed arbitrary file deletion vulnerability via path traversal in avatar crop (CVE-2026-3243)
• Security: Replaced REST API open permission callback with proper nonce verification
• Security: Added user ownership validation for avatar operations
• Security: Mitigated SSRF risk in remote image fetching
• Security: Removed absolute server path exposure from API responses

1.2.5

• New: Added developer document DEVELOPER.md
• Fix: Apply simple meta_key, meta_value query for amem_form_post_from_key()
• Mod: Changed field settig ‘Hide Label’ to ‘Field Visiblity’
• Mod: Updated Block API version to 3
• Fix: Fixed block assets loading
• Mod: Allow ‘redirect_to’ param to override module settings
• Fix: Hide label for password confirm field
• Fix: Fixed security issue with create_crop(avatar) method

1.2.4

• Fix: Support custom login redirect by roles

1.2.3

• Fix: Bypass avatar defaults

1.2.2

• Fix: Maintain settings when modules are disabled
• Mod: Updated plugins descriptions on readme
• Mod: Conditional menu visibility settings on Menus screen
• Fix: Fix: Prevent password fields from being sanitized by kses
• Mod: Added password confirmation label field setting
• Fix: Form title not appearing

1.2.1

• Mod: Lightweight reCAPTCHA library
• New: bypass_empty password field setting for developers

1.2.0

• New: Added Local Avatar module
• New: Added reCAPTCHA module
• New: shadcn/ui style

1.1.0

• New: Form edit link on block
• Mod: Apply ‘Hide Label’ setting to all ACF fields

1.0.0

• New: Content Restriction Module
• Fix: Redirection module error

= 0.9.15
– Fix: Password Checker JS not working properly

0.9.14

• New: Email setting for override WP core user password changed email.
• New: Settings sanitizer
• New: Show list of pages memers form is inserted(beta)

0.9.12

• New: Allow multiple forms in one page(beta)
• Fix: Email body content returns single line text
• Mod: Form block select style
• New: force follow redirect url of form argument redirect value
• Mod: Changed assets directory structure
• Mod: Changed admin framework to follow ACF Admin internal post types
• Fix: Misc bug fixes and text modifications

0.9.7

• New: Supports sorting field groups in form
• Mod: UI of edit form screen changed to 2 columns
• New: Can filter field groups for AMem forms
• Mod: Changed core page label(Login, Registration)
• Mod: Added placeholder text to account deletion text and label
• New: Added form type name to form CSS classes

0.9.6

• Fix: Rmoved debug code
• Mod: Changed $post to get_the_ID() in amem_is_core_page

0.9.5

• Mod: Renamed page state title
• New: Warning message for non default account form when render form
• Mod: Improved form settings fields
• Mod: Merged predefined forms and general forms in block

0.9.4

• Fix: not follow redirect_to query string
• Fix: login button kses stripped
• Fix: uppercase constant names, lowercase function names
• New: Support email field on login form

0.9.3

• Intitial Release