Changed plugin prefix from ‘rds’ (3 chars) to ‘rdsnl’ (5 chars) across all classes, functions, constants, options, hooks, shortcodes, script handles, and CSS classes to meet WordPress.org 4+ character prefix requirement
Applied wp_kses_post() sanitization to HTML newsletter content at point of input
Replaced direct SQL column interpolation with wpdb %i identifier placeholders in ORDER BY clauses and UPDATE field references
Improved nonce verification comments for email-based URLs (confirm, unsubscribe, tracking) that cannot use nonces
Bumped minimum WordPress version to 6.2 (required for %i identifier placeholder support)
Shortcodes renamed: [rdsnl_signup] and [rdsnl_unsubscribe]
Database table prefix changed from rds_nl_ to rdsnl_ (deactivate and reactivate plugin to recreate tables)
1.2.0
Added nonce verification to all admin actions including newsletter duplication
Added explicit permission checks (current_user_can) to all data-modifying handlers
Moved all inline JavaScript to properly enqueued external files
Moved all inline CSS to properly enqueued external stylesheets
Added public.js and public.css for frontend form handling
Moved settings page IMAP/bounce scripts into admin.js
Template data now passed via wp_add_inline_script instead of inline script tag
Standalone public pages now use wp_print_styles and wp_print_scripts
