MailNest

Changelog

1.0.5

• Fixed every remaining instance where a table name from mailnest_table() was interpolated directly into a SQL string passed to $wpdb->prepare() (rather than passed as a %i argument). This pattern is unsafe regardless of whether the other variables in the same query use real placeholders, and affected 17+ call sites across class-campaign.php, class-subscriber.php, class-cron.php, class-tracker.php, and the admin subscribers list (inactive/bounced filters)
• Rewrote the admin subscribers list “inactive” and “bounced” filter queries to use %i for all table names and $wpdb->esc_like() for search terms (previously raw string concatenation, which could also mishandle a % or _ character typed into the search box)

1.0.4

• Open/click tracking now requires a signed per-recipient token (tt) generated from campaign_id + subscriber_id, so analytics can no longer be forged by guessing sequential IDs; existing confirm/unsubscribe links already used a token and are unaffected. Click redirects still work even without a valid token — only the analytics record is gated.
• Removed the unprefixed [mn_subscribe] shortcode alias (kept [mailnest_subscribe]) to avoid naming collisions with other plugins
• All remaining direct SQL queries now go through $wpdb->prepare(), using the %i identifier placeholder (WP 6.2+) for internal table names
• Two bulk admin actions (confirm, resend) rewritten from a dynamic IN(…) placeholder pattern to a per-ID prepared-query loop, for full Plugin Check compliance
• Minimum WordPress version raised to 6.2 (required for %i placeholder support)

1.0.3

• Fixed broken unsubscribe links: the subscriber token is now retained after confirmation (it doubles as the unsubscribe token), and a token is auto-generated at send time for any legacy rows where it was previously cleared
• Popup form refactored: static layout styles moved to the enqueued stylesheet and user-configured colors delivered via wp_add_inline_style(), so styling no longer depends on inline attributes
• Fixed AJAX form-settings save writing to mn_form_* option keys while the form builder and frontend read mailnest_form_* — saved settings now apply correctly
• Replaced non-atomic set_transient() duplicate-send lock with an atomic add_option() lock (single INSERT against the unique option_name index), with automatic cleanup of the previous day’s lock
• Escaped all dynamic values in the auto-newsletter email builder (site name, tagline, accent color, post titles, excerpts, permalinks, thumbnails, categories, Twitter handle/URL) and sanitized the accent color with sanitize_hex_color()
• Popup form HTML is now output through wp_kses() with an explicit tag/attribute whitelist instead of a phpcs:ignore
• Moved remaining attribute escaping to output time (escape late) in the inline and popup form builders
• Escaped role label output on the Settings permissions table
• Debug logging is now gated behind WP_DEBUG

1.0.2

• Fixed fatal PHP error (gmgmdate typo) in auto-newsletter daily lock
• Fixed admin_url() not wrapped with esc_url() in Pro upgrade notice
• Moved wp_localize_script chart data out of view file into proper admin page callback
• Fixed unescaped output in forms.php color label, analytics.php rate columns, upgrade.php feature table
• Fixed data-id attributes missing esc_attr() in subscribers and campaign-edit views

1.0.1

• Security and compatibility improvements for WordPress.org submission
• Bundled Chart.js locally (removed CDN dependency)
• Improved input sanitization and output escaping throughout
• Fixed email sending to fall back gracefully when SMTP is not fully configured

1.0.0

• Initial release