JAY Login & Register

2.6.05

• New Feature: Added official Gravity Forms Add-on. Easily add mobile OTP verification to any Gravity Form.
• Feature: Built-in Auto-login & Auto-register option for users verifying their number via Gravity Forms.
• Security: Integrated Gravity Forms verification with the global IP/Phone Lockout and Brute-Force protection system.
• Improvement: Introduced an elegant and isolated UI for the Add-ons manager inside the WordPress dashboard.
• Improvement: Replaced external icons with high-performance inline SVG vectors.
• Fix: Resolved WordPress Plugin Checker warnings regarding Nonce Verification and Database direct queries using safe practices.

2.6.04

Release Date: February 3, 2026

Security Update

SECURITY: Fixed authenticated privilege escalation vulnerability (CVE-2025-15100)

Implemented three-layer meta key validation (Blacklist + Whitelist protection)
Added wildcard protection for all wp_* keys
Enhanced profile update AJAX handler security
Enhanced registration meta field handling security
Enhanced inline form registration security
Fixed: Added explicit whitelist validation for custom user meta fields
Fixed: Blocked sensitive WordPress meta keys from being modified
Fixed: Implemented developer hooks for field customization
Fixed: Added security action hook for monitoring suspicious attempts
Improved: Enhanced input validation across all user meta update operations
Compatibility

Tested up to: WordPress 6.9
Developers

Added filter: jay_login_register_allowed_profile_fields – Customize allowed meta fields
Added filter: jay_login_register_disallowed_meta_keys – Customize blocked meta keys
Added action: jay_login_register_suspicious_meta_update – Monitor suspicious attempts

2.6.01

• Performance: Introduced a smart on-the-fly HTML Minifier engine to strip whitespace from shortcodes and AJAX responses, ensuring clean rendering and compatibility with all themes.
• Security & Standards: Extensive codebase refactoring to strictly follow WordPress.org Coding Standards.
• Security: Applied rigorous input sanitization, unslashing, and output escaping across all AJAX handlers and settings pages.
• Improvement: Optimized database queries in the User Permission module to prevent slow query warnings.
• Fix: Resolved Regex delimiter issues in the minification logic to prevent server warnings.

2.5.01

• SECURITY FIX: Addressed WordPress coding standards regarding input sanitization (phpcs warnings).
• Fix: Minor improvements in the Ajax handler for file uploads.

2.5.0

• SECURITY FIX: Critical authentication bypass vulnerability fixed in the User Switching module (CVE-2025-14440). Special thanks to kr0d and the WP Security Team.
• New Feature: Advanced User Panel Form Builder with Drag & Drop interface.
• New Feature: Conditional Logic for User Panel fields (Show/Hide fields based on Meta Keys or other field values with AND/OR support).
• New Feature: Native Avatar Upload integrated with WordPress Media Library.
• New Feature: Repeater functionality for conditional logic rules.
• Improvement: Enhanced security validation for all user panel inputs (Server-side logic checks).
• Improvement: Fixed RTL styling issues for Select boxes in the User Panel.

2.4.01

• New Feature: Added a Global Custom Fields Builder. Admins can now add Text, Select, Radio, and Checkbox fields to the registration form via settings.
• New Feature: Added optional Username field for registration with live AJAX validation (availability & format check).
• Improvement: Enhanced the main login form to accept Mobile, Email, or Username intelligently in a single input field.
• Improvement: Unified “First Name” and “Last Name” settings into a single toggle for better UX.
• Style: Applied modern glassmorphism styling to custom Radio buttons and Checkboxes.
• Fix: Resolved session errors when requesting OTP for a user logged in via Username.
• Fix: Fixed “0” response issue in AJAX handlers for logged-in administrators during testing.
• Security: Enhanced sanitization for custom field data storage.
• New Feature: Added options to collect First Name and Last Name during registration.
• Fix: Resolved the issue where the “Content Lock” button was missing in the Gutenberg block editor.
• Improvement: Optimized editor scripts for better performance and security.

2.3.01

• Feature: Introduced a new Gutenberg Container Block for easier content locking. You can now drag and drop content inside the lock block.
• Improvement: Enhanced Classic Editor button with Smart Detection. Clicking inside a shortcode now automatically switches the button to “Edit Mode”.
• Fix: Resolved AJAX loading issues for third-party scripts (like Gravity Forms, Elementor, and WooCommerce) inside inline forms by implementing a smart page reload logic with scroll retention.
• UX: Improved the “Custom Fields” UI in the settings modal to prevent layout overflow.
• Security: Added strict sanitization and unslashing to all AJAX handlers to meet WordPress.org standards.

2.2.01

• New Feature: Added options to collect First Name and Last Name during registration.
• Fix: Resolved the issue where the “Content Lock” button was missing in the Gutenberg block editor.
• Improvement: Optimized editor scripts for better performance and security.

2.1.16

• New Feature: Added support for Bale’s Safir OTP service, allowing users to receive verification codes directly in the Bale messenger app as a cost-effective alternative to SMS.
• Improvement: The user interface now provides a choice between SMS and Bale for receiving the code during registration if the Bale OTP feature is enabled.
• Fix: Correctly handled the JSON response from the MeliPayamak API to prevent incorrect error messages on successful sends.

2.1.13

• New Feature: Added one-click login/registration with Google (Gmail) accounts.
• Tweak: Added a detailed step-by-step guide for generating Google OAuth credentials within the plugin settings.

2.1.12

• New Feature: Added support for the SMS.ir gateway.
• Fix: Resolved a bug where Eitaa social login settings were sometimes erased when saving other settings tabs.
• Tweak: Corrected the main form shortcode in the readme file.

2.1.0

• انتشار اولیه افزونه.

توسعه دهنده
جلال رضایی چاهوکی