4.3.3
Security:
Removed base64 misuse in email AJAX callbacks; server now reads auction data directly from the database.
Removed unauthenticated (nopriv) access from admin-only AJAX actions.
Replaced role-name capability checks with proper manage_options capability.
Fixed broken nonce patterns in settings and manage-auctions pages.
Added server-side bid amount validation (no longer JS-only).
Fix:
Sanitized all $_POST and $_GET inputs with proper WordPress functions (sanitize_text_field, absint, sanitize_email, esc_url_raw).
Fixed output escaping for HTML-generating filter values (wp_kses_post instead of esc_html).
Escaped all variables in email templates and admin table rows.
Passed nonce to AJAX script via wp_localize_script for proper verification.
Resolved incorrect redirection to the custom login URL for bidders attempting to bid without logging in.
4.3.2
Fix:
Resolved the issue with the reserve price message when the starting price and lowest price are the same.
Improvement:
Confirmed compatibility of the Ultimate WordPress Auction Plugin with the latest version of WordPress.
4.3.1
Fix:
Resolved an issue where the thumbnail image was not displaying in the auction listing table, and the image gallery was not working on the auction detail page.
Enhancement:
Added missing translation strings to ensure better compatibility with Loco Translate.
4.3.0
Fix:
Addressed security concerns reported by Wordfence by properly escaping all echoed variables and options.
Reviewed and updated all WP_Ajax calls to include nonce verification and user permission checks.
Ensured SQL queries use wpdb::prepare() to prevent SQL injection vulnerabilities.
Fixed an issue where the Live Auction and Expired Auction shortcodes were not working together on the same page.
Resolved a bug where the alert message was not displaying correctly after sending a private message.
4.2.9
Improvement:
Verified plugin compatibility with the latest WordPress version for the Ultimate WordPress Auction Plugin.
4.2.8
Improvement:
Enhanced security measures including capability checks and nonce verification on all AJAX actions.
User and product ID verification for added security.
Encoding and decoding of sensitive data for secure data handling.
Comprehensive review and correction of issues identified by the Plugin Check tool.
4.2.7
Improvement:
Enhanced security by restricting direct database calls.
Identified and corrected vulnerabilities related to sending various types of emails.
Improved the plugin’s performance by adjusting parameters for enqueuing scripts and styles.
4.2.6
Fix:
All variables and options are now properly escaped when echoed to ensure security and prevent potential vulnerabilities.
Reviewed and updated all functions and WP_Ajax calls to include nonce verification and user permission checks.
Updated the function names and class names to ensure uniqueness and prevent conflicts with other plugins or themes.
Reviewed and corrected the SQL queries to use wpdb::prepare() properly, ensuring protection against SQL injection vulnerabilities.
Improvement:
Improved accessibility features for better usability.
Enhanced security by restricting direct file access to plugin files.
Removed non-permitted files to improve overall security.
4.2.5
Improvement
We have removed the “Powered By Ultimate Auction” text from the footer.
4.2.4
Improvement
We have implemented a “nofollow” attribute to our branding links.
4.2.3
Fix
We have fixed an error that occurred with PHP 8.2.
4.2.2
Fix
We have fixed an error that occurred with PHP 8.2.
4.2.1
New Feature
We have implemented a new layout for the auction list page and auction detail page. The new layout appears by default on both pages. We have given the option to change the layout for auction pages. So, the admin can set the old layout or new layout from the auction settings.
Fix
We have fixed the translation issue in the Ultimate WordPress Auction plugin. Now, the auction plugin can be translated into any language.
4.2.0
Fix
The auction plugin conflicted with the Twenty Twenty-Two and Twenty Twenty-Three WordPress themes. Because of that, the timer and place bid functionality were not working. We have fixed this issue.
4.1.9
Fix
We have fixed the issue related to the opening price. When the bidder tries to place a bid value of less than the opening price, the plugin will display an alert “Please enter a bid amount greater than or equal to the opening price”.
4.1.8
Fix
When the admin tried to create an auction without adding a value for buy now, the plugin displayed the error “Uncaught Error : round(): Argument #1 ($num) must be of type int|float”. We have fixed this issue.
The “Unsupported operand types: string + string” error occurred with PHP 8. We have fixed it.
4.1.7
Improvement – We have added changes in the footer to show the “Powered By Ultimate Auction” text.
4.1.6
Fix – The “Unsupported operand types: string + string” error occurred with PHP 8. We have fixed it.
4.1.5
Fix – “Cancel Last Bid” on Manage auctions page was not working. We have fixed this issue.
4.1.4
Fix – A format specifier error with PHP 8 was showing in the following places. These have been fixed:
(a) In pagination on the frontend (auction listing page).
(b) Admin dashboard -> Ultimate Auction -> Settings -> PayPal.
(c) In the email-template.php template file. Because of this, the winning email with the PayPal payment link was not sent properly.
4.1.3
Fix – When text was translated into a language whose strings contained single quotes, that text caused JavaScript errors. We have fixed this issue.
4.1.2
Fix – Timezone Issue – We have changed the underlying function to see that the expiration happens properly based on the timezone set inside General Setting.
4.1.1
Fix – When the admin selects any time-zone from the WordPress setting, the plugin displays the appropriate start time and end time for the auction product. Changing the time zone will not make a difference to the countdown timer.
4.1.0
Improvement – We have updated the steps for setting the “PayPal Auto Return” URL so that they match the latest PayPal dashboard.
4.0.9
Fix – Added a flag which will check if the emails are sent and would restrict multiple emails.
Fix – Subject field of the email can now have Apostrophe.
4.0.8
Fix – Plugin was affecting the design of WP Admin Dashboard. This has been fixed.
4.0.7
Fix – We have added two separate options for banner image: Dismiss and “Cross” button. Dismiss will remove it permanently and “Cross” button will temporarily hide it until the dashboard is reloaded.
4.0.6
Improvement – We have updated our plugin with security standards of WordPress to avoid any CSRF/XSS issues.
4.0.5
New Feature – New parameter added in auction listing shortcode. Please check above FAQ section for its example.
New Feature – New filter added to change text for bid button. Please check above FAQ section for its example.
4.0.4
- New Feature – New shortcode for listing expired auctions has been added. The shortcode is [wdm_auction_listing type='expired']
4.0.3
- Fix – If Admin has selected “Without login user can bid” then Visitor can bid multiple times specifying name and email
4.0.2
- New Feature – Plugin is now compatible with LocoTranslate plugin.
- Fix – Bidding was not working on the iPhone’s Chrome and Safari browsers.
- Fix – Added Tanzanian shilling currency.
4.0.1
- Fix – Localhost url supported to upload image or video at add auction.
- Fix – Plugin updated to support latest WP version 4.9.4. Deprecated functions removed and warning/notices have been fixed.
4.0.0
- New Feature – Responsive UI for auction pages.
3.7.7
- Fix – Add auction wasn’t working properly when Ultimate Auction -> Settings -> Auction -> Allow users to bid -> “Only if they are logged in” was configured. This has been fixed.
3.7.6
- Fix – Dutch Translation Files updated by Alex
3.7.5
- Fix – Plugin would only show comments which are approved by admin.
3.7.4
- Fix – False Error while adding auction about empty title and description has been fixed.
3.7.3
- Fix – Added UAE’s currency support
- Fix – Fixed South African currency symbol issue
- Fix – Fixed multiple emails problem.
3.7.2
- Fix – Missing file “see-more-bidder.php” has been checked in to fix Manage auction section
3.7.1
- New Feature – Auction feeder and dedicated pages are made responsive.
- New Feature – The bid is now retained if a non-logged-in user is redirected to login.
- Fix – Localhost upload problem
- Fix – Usernames are now hyperlinked to show their emails inside Manage auction section.
3.4.0
- New Feature – Deleting auction would delete its images too.
- New Feature – Manage Auction -> Expired auction -> Payment column would now highlight payment method for better readability.
- Fix – Description text would appear without HTML code.
- Fix – New layout for Settings tab and separate Payments tab to mention payment related details.
3.3.0
- Fix – Plugin comments conflicts with theme/site comments.
- Fix – JavaScript code has been moved out into a separate directory, as it was previously causing problems with a few WordPress themes.
3.2.0
- Fix – Warning message appearing under manage auction.
3.1.0
- Fix – Auction owner cannot place bid on his own auction
- Fix – Feed page overlap issue for few WP themes.
- Fix – Timer is now localized to be converted to local language.
- Fix – Popup message saying “you can be winner if you amount is close to buy now” is now rectified to show at correct time.
3.0.0
- Code Update to support Proxy Bidding Addon. One needs to buy Proxy Bidding Addon for free plugin or PRO version for it.
- Code Update to support Automatic Time Extension to avoid sniping. One needs to buy Proxy Bidding Addon for free plugin or PRO version for it.
- Fix – Feed Page Image is now displayed by scaling it ratio wise which does not squeeze or blur the image.
- Fix – Default Image when no images are loaded.
- Fix – Lightbox Image container is fixed for no images. Earlier empty container was shown.
2.0.2
- Fix – Email notification was not working for some WordPress sites.
- Fix – PayPal link was not rendered properly in email clients like Outlook.
2.0.1
- Support for new Search feature – Plugin will integrate with Categories Addon to display categories and search box.
- Auction short description field – New field added inside the “Add Auction” form. This field is responsible for displaying auction excerpts (1 or 2 lines about the auction) on the feed page. Prior to this,
- All prices on the front end now display decimal values up to 2 places.
- Bug – Fix provided for HTML Editor for auction description to accept new line characters.
- Bug – Email Sent via plugin would have sender name as website name.
2.0.0
- Plugin now supports Category Addon – If you want category feature then you need to buy category addon.
- Added Countdown timer for auctions.
- Breadcrumb added for dedicated auction.
- Bid Now button added on feed page.
- Lightbox feature to display auction images
1.0.5
- HTML editor added for Product description field.
- Bulk delete feature added for Manage Auction.
- Feed page Shortcode Issue resolved: Use your own text below and above shortcode.
- Resolved plugin conflicts: Renamed common variables which caused issues with other loosely coded plugins.
- Bug resolved pertaining to End Auction when 2 bidders are competing for an auction until the last minute.
1.0.4
- Outbid email, which notifies all existing bidders that they have been outbid.
- Code to integrate with Shipping Cost Addon. This lets you add shipping cost in auctions.
1.0.3
- Decimal Pricing is now possible.
To make this work: Update your plugin to 1.0.3 & then deactivate & re-activate the plugin.
1.0.2
1.0.1
- New Feature added where only registered users can place bids
- Major CRLF bug resolved
1.0.0
Alpha Launch