An important security and maintenance release of TablePress is now available. TablePress 2.3.2 can be downloaded from the WordPress Plugin Directory and will show up as an update in the WordPress Dashboard for existing users shortly.
Updating to TablePress 2.3.2 is strongly recommend! Changes include:
- Security hardening (breaking change): Users with the “Author” user role are no longer allowed to import tables from URLs (CVE-2024-4354). Thanks to the Wordfence team and to Tobias Weißhaar for following responsible disclosure policies when reporting this potential issue!
- Bugfix: Improve the data type detection during an Excel import to reduce undesired consequences.
- Bugfix: Properly clean up after importing a file.
- Bugfix: Restore the data selection feature in the “Custom Search Builder” module. (TablePress Max only.)
- Enhancement: Increase compatibility with sites that remove WordPress user interface elements for certain users.
- Enhancement: Improve the user experience when dragging/dropping buttons in the “Buttons” module. (TablePress Pro and Max only.)
- Several external code libraries and build tools have been updated to benefit from enhancements and bug fixes.
For changes to previous versions in the TablePress 2.3.x release branch, see the corresponding release announcement.