version 15.1.4

Author: bgermann

cforms.php

@@ -20,13 +20,13 @@
  * Plugin URI: https://wordpress.org/plugins/cforms2/
  * Description: cformsII is a customizable, flexible and powerful form plugin including simple spam protection, multi-step forms, role manager support and custom themes.
  * Author: Oliver Seidel, Bastian Germann
- * Version: 15.1.3
+ * Version: 15.1.4
  * Requires at least: 6.9
  * Text Domain: cforms2
  */
 namespace Cforms2;
 
-define('CFORMS2_VERSION', '15.1.3');
+define('CFORMS2_VERSION', '15.1.4');
 
 // Debug message handling.
 if (!defined('WP_DEBUG_CFORMS2')) {

readme.txt

@@ -13,7 +13,7 @@ This is a fork of cformsII, a highly customizable, flexible and powerful form bu
 
 If you want to use plugin versions older than 14.6.3, you should rename the directory containing the plugin from "cforms2" to "cforms". But bear in mind that old versions should not be used in public systems, because they contain [known serious vulnerabilities](https://wpvulndb.com/plugins/cforms) that are exploited in the wild.
 
-The [current security baseline version](https://wpvulndb.com/plugins/cforms2) is 15.0.7.
+The [current security baseline version](https://wpvulndb.com/plugins/cforms2) is 15.1.4.
 
 
 == Related Plugins ==
@@ -86,12 +86,17 @@ cformsII can be extended via WordPress actions and filters. You find their 'cfor
 
 == Upgrade Notice ==
 
-= 15.1.3 =
+= 15.1.4 =
 The tracking database feature and its view are removed with cformsII 15.0+. Your data still exists in the database. Please have a look at CFDB plugin as a replacement.
 
 
 == Changelog ==
 
+= 15.1.4 =
+
+* bugfix:   Fix XSS in hidden field
+* bugfix:   cforms2_delete_db_and_deactivate: Check nonce to prevent CSRF
+
 = 15.1.3 =
 
 * bugfix:   Add wp_mail_charset filter to work around empty charset