Highland Software Custom Role Manager

1.0.3

• Fix: Existing user roles now correctly render on profile and edit screens.
• Fix: Third-party plugin roles now automatically appear without requiring admin resave.
• Improvement: Enhanced role synchronization to dynamically merge stored configuration with live WordPress roles.
• Improvement: Improved compatibility with WooCommerce, LMS, membership, and other custom role providers.
• Improvement: WordPress core roles are now prioritized at the top of the role assignment interface.
• Improvement: Preserved grouping, separators, and custom ordering while supporting dynamic role discovery.
• Improvement: Improved role rendering reliability for both existing and newly registered roles.

1.0.2

• Feature: Added logging system for role and capability changes (audit trail).
• Improvement: Logs include user, action, and context for better traceability.
• Fix: Resolved issue where existing custom roles were not displayed on load.
• Improvement: Enhanced role synchronization to correctly merge stored configuration with WordPress roles.

1.0.1

• Security: Fixed a privilege escalation vulnerability in role assignment logic.
• Security: Enforced strict server-side capability checks for role modifications.
• Security: Prevented assignment of restricted capabilities such as manage_options.
• Security: Hardened AJAX endpoints with capability and nonce validation.
• Hardening: Improved role validation and synchronization logic.
• Hardening: Added rate limiting to AJAX endpoints.
• Props: Thanks to 0xherc1337 and Steven Stern (sterndata) for responsibly reporting the issue.

1.0.0

• Initial release
• Multi-role assignment
• Role grouping and ordering
• Capability management system