Title: aswinikumar's Replies | WordPress.org --- # aswinikumar [ ](https://wordpress.org/support/users/aswinikumar/) * [Profile](https://wordpress.org/support/users/aswinikumar/) * [Topics Started](https://wordpress.org/support/users/aswinikumar/topics/) * [Replies Created](https://wordpress.org/support/users/aswinikumar/replies/) * [Reviews Written](https://wordpress.org/support/users/aswinikumar/reviews/) * [Topics Replied To](https://wordpress.org/support/users/aswinikumar/replied-to/) * [Engagements](https://wordpress.org/support/users/aswinikumar/engagements/) * [Favorites](https://wordpress.org/support/users/aswinikumar/favorites/) Search replies: ## Forum Replies Created Viewing 1 replies (of 1 total) * Forum: [Reviews](https://wordpress.org/support/forum/reviews/) In reply to: [[Cutmap Editorial Workflow] Feedback regarding bugs and issues](https://wordpress.org/support/topic/feedback-regarding-bugs-and-issues/) * Plugin Author [aswinikumar](https://wordpress.org/support/users/aswinikumar/) * (@aswinikumar) * [5 days, 14 hours ago](https://wordpress.org/support/topic/feedback-regarding-bugs-and-issues/#post-18896211) * Subject: Re: Cutmap Editorial Workflow Feedback Response * Hello, * Thank you so much for taking the time to review the plugin so thoroughly. Your feedback was very accurate and genuinely helpful I have gone through each point carefully and addressed all of them in version 1.4.6. * Here is what was fixed: 1. Hardcoded password — Completely removed. Sample users are now created with wp_generate_password( 16, true), generating a unique random password per user. The password is shown once in the admin panel at creation time and never stored in code. 2. REST API bypass — Added a rest_pre_insert_{post_type} filter that blocks any publish attempt via the REST API if the post is under active workflow and has not been approved. It returns a proper 403 error response. 3. Approved snapshot overwritten on rejection — This was a real bug, thank you for catching it. The set_approved_snapshot() call has been removed from the reject() function entirely. The approved snapshot now only updates when an approver explicitly approves — so visitors always see the last correctly approved version. 4. DB schema check on every page load — Fixed. The schema check is now version- guarded using a wp_options flag and only runs on plugin activation or version upgrade, not on every request. 5. Uninstall leaving data behind — The uninstall handler now drops all custom database tables, removes all plugin post meta, and deletes all plugin options. No manual cleanup needed after deletion. 6. Audit log overwriting rows — Fixed. The log_event() function now always inserts a new row (append-only). The full history of intermediate changes is preserved. * Your analysis was spot-on across all six points. I really appreciate the depth of review — it made the plugin significantly more solid. Please do let me know if you notice anything else. * Best regards M.Aswini kumar Viewing 1 replies (of 1 total)