Ultimate Member Widgets for Elementor – Login Form, Register Form & User Directory

2.6

• Added: UM Login Form Styler widget — style the Ultimate Member login form visually in Elementor.
• Added: UM Register Form Styler widget — drag-and-drop register form styling with full visual control.
• Added: UM Password Reset Styler widget — complete your styled authentication flow in Elementor.
• Added: Pro widget placeholders in the Elementor editor — Free users see upgrade prompt cards for locked Pro widgets directly on the Elementor canvas.

2.5

• Security: AJAX filter endpoints now verify nonce before any file I/O or class loading. Unauthenticated requests can no longer probe server-side structure.
• Security: meta_query items from the widget_settings payload are now sanitized (key, value, compare allowlist) before reaching WP_User_Query.
• Security: per_page in the UM AJAX handler clamped to a maximum of 100.
• Security: debug output (stack trace, file paths, line numbers) gated behind WP_DEBUG on all error paths.
• Security: email address removed from default public meta fields in WP User List handler.
• Fixed: sort order control now works for all options — ID, first/last name, last login, post count, email.
• Fixed: box shadow control referenced a non-existent Controls_Manager constant. Replaced with Group_Control_Box_Shadow.
• Fixed: admin notice dismiss nonce mismatch caused every dismiss click to silently fail.
• Fixed: PHP fatal when Elementor is inactive — two admin notice callbacks were referenced but never defined.
• Fixed: deprecated ElementorScheme_Color and Scheme_Typography imports in the flip card widget caused PHP warnings on Elementor 3.x.
• Fixed: widget category sometimes did not appear in the Elementor panel due to hook registration timing.
• Fixed: meta key selector ran an uncached table scan on every Elementor editor load. Results now cached for one hour.
• Fixed: Pro layout values stored in the database caused user cards to disappear. They now fall back to the card layout.
• Fixed: serialized meta LIKE query produced incorrect SQL patterns.
• Fixed: filter key sanitization used sanitize_text_field instead of sanitize_key in the UM AJAX handler.
• Fixed: widget order_by and order settings not passed to the query engine, so the panel sort setting was ignored.
• Added: Table and Carousel layout options visible in the free widget with an upgrade tooltip on click.
• Added: meta cache primed after user queries to avoid N+1 meta fetches when rendering cards.
• Added: query result transients invalidated automatically on user profile, meta, or role changes.
• Improved: user-processing loop unified into shared static methods across both AJAX handlers.
• Improved: pro upgrade notice scoped to admin-only roles and screens.
• Improved: admin notice CSS moved from inline style block to an external stylesheet.

For older entries see changelog.txt included in the plugin.