v0.90.3

• Hardens xss fix for script tag by checking case insensitive and using tag_escape.

v0.90.2

• Updates fix for stored cross-site scripting from 0.90.0, now applied to all tags. From this version onwards, script is not available to use as a tag when setting an element's tag in the shortcode.

v0.90.1 - bugfix release

This release includes the following fixes:

• Fix PHP 8.2 deprecation notices #525
• Remove empty anchor tags from widget morelink #523

v0.90.0

• Fixes a Stored Cross-Site Scripting issue using excerpt_tag='script'.

v0.89.9

• Fix deprecation notices caused by tag_escape - https://wordpress.org/support/topic/php-deprecated-preg_replace-passing-null-to-parameter-3/
• Updates tested WordPress version.

v0.89.8

Fixes previous release not reporting proper version number on Plugin Repository.

v0.89.7

• Updates esc_attr for tag_escape in title_tag for extra protection.
• Fixes css class escaping in title_tag.

v0.89.6

Same as 0.89.4, more character escaping for security purposes.

This release focuses solely on making sure the plugin does not output malicious code if a post's author tries to inject code into LCP shortcodes.

Fix for broken pagination links

• Fixes an issue where pagination links are invalid after clicking any pagination link (#511).
• More html tags are now allowed in post titles. See the support thread.

Security improvements

This release focuses solely on making sure the plugin does not output malicious code if a post's author tries to inject code into LCP shortcodes.