v4.9.17

dannyvankooten · dannyvankooten · commit 00da11517325 · 2024-09-17T09:48:26.000+02:00
diff --git a/mailchimp-for-wp.php b/mailchimp-for-wp.php
@@ -4,7 +4,7 @@
 Plugin Name: MC4WP: Mailchimp for WordPress
 Plugin URI: https://www.mc4wp.com/#utm_source=wp-plugin&utm_medium=mailchimp-for-wp&utm_campaign=plugins-page
 Description: Mailchimp for WordPress by ibericode. Adds various highly effective sign-up methods to your site.
-Version: 4.9.16
+Version: 4.9.17
 Author: ibericode
 Author URI: https://www.ibericode.com/
 Text Domain: mailchimp-for-wp
@@ -47,7 +47,7 @@ function _mc4wp_load_plugin()
     }
 
     // bootstrap the core plugin
-    define('MC4WP_VERSION', '4.9.16');
+    define('MC4WP_VERSION', '4.9.17');
     define('MC4WP_PLUGIN_DIR', __DIR__);
     define('MC4WP_PLUGIN_FILE', __FILE__);
 
diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.mc4wp.com/contribute/#utm_source=wp-plugin-repo&utm_med
 Tags: mailchimp, subscribe, email, newsletter, form
 Requires at least: 4.6
 Tested up to: 6.6
-Stable tag: 4.9.16
+Stable tag: 4.9.17
 License: GPLv3 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Requires PHP: 5.6
@@ -189,6 +189,13 @@ The plugin provides various filter and action hooks that allow you to modify or
 == Changelog ==
 
 
+#### 4.9.17 - Sep 17, 2024
+
+- Fix compatibility with WooCommerce versions 8.5 to 8.8 because of private method that was later made public.
+- Fix potential reflected XSS by stripping and escaping all HTML from `{email}` tag replacements. Thanks to kauenavarro for responsibly disclosing.
+- Fix potential stored XSS for attackers with both administrator access and Mailchimp account access by escaping HTML from interest group name. Thanks to Jorge Diaz (ddiax) for responsibly disclosing.
+
+
 #### 4.9.16 - Sep 11, 2024
 
 - Add support for WooCommerce Checkout Block in sign-up checkbox integration.
@@ -1183,33 +1190,7 @@ This release updates the plugin to version 3 of the Mailchimp API. Please [read
 **Improvements**
 
 - Show dismissible notice when API key is not set.
-- Show empty API key errors in plugin log.
-- Friendlier error message for re-subscribe failures.
-
-**Additions**
-
-- Add `form.reset()` method to JS API.
-
-#### 3.1.7 - May 9, 2016
-
-**Fixes**
-
-- Shortcode wasn't accepting `element_id` as a valid attribute.
-- Take array style fields into account when checking if a form contains a given field.
-
-
-**Improvements**
-
-- Nested fields will now be properly validated when they're marked as required.
-- If plugin is installed using Composer, autoloader won't be loaded (again).
-
-
-
-#### 3.1.6 - April 12, 2016
-
-**Fixes**
-
-- ...
+- Show empty API key errors ...
 
 == Upgrade Notice ==
 
