🔒 SECURITY FIX (CVE-2026-5651, CVSS 4.9): hardened Askeet_Security::is_safe_query() against MySQL conditional-comment evasion (/*!UNION*/). The previous implementation stripped /*…*/ comments before keyword scanning, which silently removed conditional comments that MySQL still executes — letting an authenticated administrator append UNION/INSERT/etc. to the validated query. The validator now rejects any query containing /*! outright, additionally strips # line comments (previously missed), and extends the forbidden-keyword list to include OUTFILE, DUMPFILE, LOAD_FILE, BENCHMARK, SLEEP, INFORMATION_SCHEMA, HANDLER. Patched paths: askeet_execute_sql_query, askeet_export_all_results, the natural-language pipeline, and the cron insight runner — all four call the central validator.
IMPROVED: extends backtick-identifier stripping in the validator (defense-in-depth against false positives).
IMPROVED: Compatibility with WordPress 6.9.
Credits: vulnerability reported by Régis SENET via Wordfence.
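The ordering flaw described in the security fix entry above, as an added PHP example that is not the plugin's own code: the function names and the base keyword list are assumptions, and the sample queries are constructed. It goes slightly beyond the changelog by also removing `-- ` comments and quoted strings in the same left-to-right pass, so that one ignored construct cannot hide inside another.

```php
<?php
// Added illustration, not the Askeet plugin's source. Function names and
// BASE_KEYWORDS are assumptions; ADDED_KEYWORDS is the list in the changelog.
const BASE_KEYWORDS  = ['UNION', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'ALTER'];
const ADDED_KEYWORDS = ['OUTFILE', 'DUMPFILE', 'LOAD_FILE', 'BENCHMARK', 'SLEEP',
                        'INFORMATION_SCHEMA', 'HANDLER'];

function has_forbidden_keyword(string $sql, array $keywords): bool {
    return preg_match('/\b(?:' . implode('|', $keywords) . ')\b/i', $sql) === 1;
}

// Pre-fix order of operations: strip every /*...*/ block, then scan.
// A /*! ... */ block is removed here although MySQL executes its body.
function legacy_is_safe_query(string $sql): bool {
    $scanned = preg_replace('~/\*.*?\*/~s', ' ', $sql);
    return $scanned !== null && !has_forbidden_keyword($scanned, BASE_KEYWORDS);
}

// Post-fix order: refuse /*! before any stripping, then remove what MySQL
// ignores (block, # and "-- " comments) plus backtick identifiers and quoted
// strings in one left-to-right pass, and scan what is left.
function hardened_is_safe_query(string $sql): bool {
    if (strpos($sql, '/*!') !== false) {
        return false; // conditional comment: reject outright
    }
    $ignored = '~/\*.*?\*/|#[^\r\n]*|--(?=\s)[^\r\n]*|`[^`]*`'
             . '|\'(?:[^\'\\\\]|\\\\.)*\'|"(?:[^"\\\\]|\\\\.)*"~s';
    $scanned = preg_replace($ignored, ' ', $sql);
    if ($scanned === null) {
        return false; // regex engine error: fail closed
    }
    return !has_forbidden_keyword($scanned, array_merge(BASE_KEYWORDS, ADDED_KEYWORDS));
}

// Constructed sample queries (not taken from the advisory).
$samples = [
    'plain select'        => 'SELECT ID FROM wp_posts LIMIT 5',
    'ordinary comment'    => 'SELECT ID /* note */ FROM wp_posts',
    'conditional comment' => 'SELECT ID FROM wp_posts /*!UNION SELECT 1*/',
    'added keyword'       => 'SELECT SLEEP(1)',
];
foreach ($samples as $label => $sql) {
    printf("%-20s legacy=%-6s hardened=%s\n", $label,
        var_export(legacy_is_safe_query($sql), true),
        var_export(hardened_is_safe_query($sql), true));
}
```

Run with `php` on the command line; the conditional-comment row is the one where the two validators disagree because of stripping order rather than list contents.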
3.0
NEW: Interactive charts in answers (Pro+) — bar / line / pie / area, auto-selected from data shape, hover tooltips, responsive
NEW: 14-day Business trial on install — no credit card, all features unlocked
NEW: Founder’s price $19/mo for life — first 200 customers, locked-in pricing
NEW: Pro $29/mo, Business $79/mo — yearly billing saves 34-38%; monthly available
NEW: 50 queries/month free tier (was 10/day)
NEW: Outbound webhooks (Business) — Slack, n8n, Zapier, Make
NEW: REST API + auth keys (Business) — wp-json/askeet/v1/*
NEW: Multi-store registry (Business) — up to 5 stores under one account
NEW: Trial countdown banner + paywall modals with feature-pause-on-downgrade UX
IMPROVED: AI now reads your real DB conventions — HPOS-aware, real meta_keys sampled from wp_postmeta, prefers denormalized wp_wc_* lookup tables → dramatically more accurate SQL
IMPROVED: Subscription page redesigned — 3-column grid, “Most Popular” ribbon on Pro, live Founder counter, value props, FAQ
IMPROVED: Chat readability — bigger tables, larger charts, wider response bubbles, no more inner scrollbars
IMPROVED: Pagination fixed — 20 rows/page now actually shows 20 (was showing all rows)
IMPROVED: Export Page / Export All — Page exports the visible slice, All exports the full set
IMPROVED: Plugin logo refreshed (loupe-style icon)
IMPROVED: Migration-safe — existing v2 customers keep their grandfathered prices, gain access to all v3 features
FIXED: AI follow-up answers rendering in too-small bubbles
FIXED: Community page buttons (Discord / Slack / Contact) not opening
FIXED: Subscription “Free” button showing as enabled when on a paid plan
FIXED: Two scrollbars on Settings / Insights / Reports / History pages
FIXED: Feedback / ratings storage — submissions now correctly land in the Supabase feedbacks and ratings tables
2.0
NEW: Modern subscription management page with pricing cards and one-click upgrades
NEW: Smart pagination — display 50 rows, export up to 1,500 rows per page
IMPROVED: Export limit increased to 10,000 rows with “Export All” button