Submit Changelog
Track Changelogs

Swiss Toolkit For WP

Changelog

1.4.6 – 13 April 2026

  • Security Fix: Reworked temporary login tokens to use selector plus HMAC validation instead of storing raw login bearer tokens in post meta.
  • Security Fix: Added explicit nonce verification to temp login save handling and rotated legacy temporary login tokens to the new format.
  • Security Fix: Locked down executable snippet management to explicit manage_options capabilities and made the snippet post type non-public.
  • Security Fix: Added autosave and revision guards plus stricter input validation to snippet saves.
  • Security Fix: Corrected bulk theme deletion to require the delete_themes capability.
  • Security Fix: Hardened duplicate post handling to use action hooks and explicit GET plus nonce handling.
  • Note: Previously generated temporary login URLs are invalidated and must be re-copied after updating.

1.4.5 – 09 March 2026

  • Security Fix: Replaced deny-list extension validation with a strict allow-list approach in upload_extension_files() as recommended by WordPress.org.
  • Security Fix: Hardened file upload validation to prevent potential bypasses.

1.4.4 – 06 March 2026

  • Security Fix: Patched arbitrary file upload vulnerability in Enhanced Multi-Format Image Support (CVE-2026-2354).
  • Security Fix: Replaced strpos() with strict pathinfo() extension validation in upload_extension_files().
  • Security Fix: Added dangerous file extension blocklist to prevent executable file uploads.

1.4.3 – 02 March 2026

  • Updated: WordPress compatibility tested up to 6.9.
  • Updated: Support and documentation links to the new support portal.
  • Improved: Fixed legacy staging links in admin notifications.

1.4.2 – 19 June 2025

Fix: Handled missing notification data to prevent PHP warnings.

1.4.1 – 11 June 2025

Fix: admin panel loading issues

1.4.0 – 30 May 2025
Fix: Some Minor issues.

1.3.0 – 11 November 2024
Fix: Some Minor issues.

1.2.0 – 18 Augest 2024
Added: Database Optimization feature.

1.1.0 – 03 June 2024
Added: integrated SureCart plugin support

1.0.9

Fixed a vulnerability and security issue related to post editing permissions.

1.0.8

Fixed a vulnerability and security issue related to unauthorized access.

1.0.7

New: WP Admin Login URL Changer

1.0.6

Fix: Select2 search option

1.0.6

Fix: Select2 search option

1.0.5

Fix: svg upload issues
Fix: post duplicator issues

1.0.4

Update: Update Appsero SDK

1.0.3

Resolution: Max Upload File Limitation

1.0.2

Fix: fix clickHereLink show hide option

1.0.1

Fix: post type link updated

1.0.0

The first release was uploaded to the plugin repository.

Plugin Website
Visit website

Author
WP Messiah
Version:
1.4.6
Last Updated
April 13, 2026
Active Installs
1000
Requires
WordPress 5.2
Tested Up To
WordPress 7.0
Requires PHP
7.4

Share Post

Join our newsletter.

Get insights into what’s happening at ChangelogWP right in your inbox. We don’t believe in spam.