Major Update: Complete UI Overhaul + Security Hardening
Security Fixes:
* Fixed Stored XSS vulnerability (CVE-2025-47638) – Enhanced input sanitization to prevent script injection
* Added wp_strip_all_tags() to all text field sanitization for additional security
* Strengthened hex color validation with fallback to safe default
* All outputs properly escaped with esc_html(), esc_attr(), and esc_url()
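
The pattern these fixes describe (sanitize on save, fall back to a safe color, escape on output), as an added example that is not the plugin's own code. The option name, field keys and function names are hypothetical, and using the changelog's default embed color as the sanitizer fallback is an assumption.

```php
<?php
// Added illustration; not the plugin's source. Option, field and function names are hypothetical.
const EXAMPLE_DEFAULT_COLOR = '#5865f2'; // default embed color named in this changelog

// Return the submitted field as a string; arrays and missing keys become ''.
function example_field( $input, $key ) {
    return ( isset( $input[ $key ] ) && is_string( $input[ $key ] ) ) ? $input[ $key ] : '';
}

// Sanitize callback: the Settings API runs this on every save of the option.
function example_sanitize_embed_settings( $input ) {
    $input = is_array( $input ) ? $input : array();
    $clean = array();

    // Text: remove all tags (and <script>/<style> contents), then normalise whitespace.
    $clean['embed_title'] = sanitize_text_field( wp_strip_all_tags( example_field( $input, 'embed_title' ) ) );

    // Color: sanitize_hex_color() passes only #rgb or #rrggbb; anything else gets the default.
    $color                = sanitize_hex_color( example_field( $input, 'embed_color' ) );
    $clean['embed_color'] = $color ? $color : EXAMPLE_DEFAULT_COLOR;

    // URL: restrict stored values to http/https, which rejects javascript: and data: schemes.
    $clean['icon_url'] = esc_url_raw( example_field( $input, 'icon_url' ), array( 'http', 'https' ) );

    return $clean;
}

add_action( 'admin_init', function () {
    register_setting( 'example_embed_group', 'example_embed_settings', array(
        'type'              => 'array',
        'sanitize_callback' => 'example_sanitize_embed_settings',
    ) );
} );

// Output: escape per context even though input was sanitized, because values
// stored before the sanitizer existed may still be in the database.
function example_render_embed_preview() {
    $opts = wp_parse_args(
        get_option( 'example_embed_settings', array() ),
        array( 'embed_title' => '', 'embed_color' => EXAMPLE_DEFAULT_COLOR, 'icon_url' => '' )
    );
    printf(
        '<div class="embed" style="border-color:%s"><img src="%s" alt=""><strong>%s</strong></div>',
        esc_attr( $opts['embed_color'] ),
        esc_url( $opts['icon_url'] ),
        esc_html( $opts['embed_title'] )
    );
}
```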
New Features:
* Complete modern UI redesign with card-based layout
* WordPress media library integration for server icons
* Live embed preview with real-time updates
* Beautiful visual stats cards with gradient icons
* Toggle switches for better UX
* Fully responsive design for mobile devices
* Inline help tooltips for every setting
* Enhanced plugin meta links (Support, Changelog, GitHub, Donate, Translate)
Improvements:
* Modern WordPress admin styling matching WP 6.7 standards
* Better default values (Discord blue color, plugin icon as default image)
* Improved button layouts and spacing
* Enhanced form field organization
* Better visual hierarchy
Changes:
* Updated plugin description for better clarity
* Bumped version to 2.6.0
* Updated default embed color to Discord brand blue (#5865f2)
* Changed default image from external URL to plugin icon
Security Fixes:
* Fixed Authenticated Stored XSS (CVE-2023-5181) – Added proper sanitization and escaping for all settings
* Enhanced output escaping throughout plugin
Other Changes:
* Various bug fixes
* Performance improvements
Security Fixes:
* Fixed CSRF vulnerability (CVE-2023-5006) – Added proper nonce validation to settings update
* WordPress Settings API now properly validates all form submissions
Bug Fixes:
* Fixed Discord OAuth login issue
* Fixed webhook posting problems
* Multiple stability improvements