HEX
Server: Apache/2.4.58 (Ubuntu)
System: Linux ip-10-0-0-110 6.14.0-1016-aws #16~24.04.1-Ubuntu SMP Tue Oct 14 02:15:09 UTC 2025 x86_64
User: www-data (33)
PHP: 8.3.6
Disabled: NONE
$ pwd: /var/www/html/panineeyapublicschool.net/wp-content/plugins/stop-user-enumeration-1/
Upload Files
File: /var/www/html/panineeyapublicschool.net/wp-content/plugins/stop-user-enumeration-1/changelog.txt
== Changelog ==
= 1.7.5 =
* Added PHP 8.4 compatibility
* Updated wp-env configuration to use PHP 8.4
* Added PHP 8.4 compatibility checks to build process

= 1.7.4 =
* fix changelog

= 1.7.3 =
* Fixed URL-encoding bypass vulnerability in REST API protection
* Fixed simple-jwt-login bypass vulnerability by checking exceptions only in route paths, not query parameters
* Improved REST API security by using WordPress REST API methods instead of checking REQUEST_URI
* Enhanced IP address validation using FILTER_VALIDATE_IP
* Fixed X-Forwarded-For header handling to properly parse multiple IPs
* Fix ability to by-pass the WP REST API protection functionality, props Bob @ WpScan

= 1.7.1 =
* add developer hooks and filters for extending plugin functionality
* added stop_user_enumeration_ip filter to allow modifying detected IP addresses
* added stop_user_enumeration_should_block filter to conditionally allow or block requests
* added stop_user_enumeration_attempt action hook for processing enumeration attempts
* fix doing_it_wrong notice  for WP 6.8

= 1.7 =
* add opt in library

= 1.6.3 =
* fix warning with die

= 1.6.2 =
* set wp_die to return 403
* added defer to script

= 1.6.1 =
* updated tested to 6.6

= 1.6 =
* change getenv to $_SERVER for better compatability
* added extra sanitization to meet current plugin repo standards
* allow exception for Simple JWT Login rest route and add filters to adjust match and exception of rest rules

= 1.5.0 =
* remove admin notifications for reviews and donations

= 1.4.9 =
* update library

= 1.4.8 =
* update library

= 1.4.7 =
* update library to remove deprecation notices

= 1.4.6 =
* set default option early enough for multi site network wide activation

= 1.4.5 =
* remove redundant CSS and fonts

= 1.4.3 =
* add buy me a coffee donation

= 1.4.3 =
* Move query arg to init hook to avoid unnecessary warnings
* Update donation lib

= 1.4.2 =
* Fix edge case where review / donate become undismissible

= 1.4.1 =
* Tidy donation library for build to remove dev dependencies

= 1.4.0 =
* Remove freemius library and optional registration
* Add donation and contribution notices

= 1.3.32 =
* be case insensitive when checking REST API

= 1.3.31 =
* Upgrade to version 1.3.30 to disable author site maps - you will need to enable in settings (closes issue #6)


= 1.3.30 =
* option to remove author site maps

= 1.3.29 =
* Minor javascript fix
* better IP detection for proxies

= 1.3.28 =
* Library update

= 1.3.27 =
* Removed console issue when no comments turned on

= 1.3.26 =
* Updated library

= 1.3.25 =
* Removed link

= 1.3.24 =
* Changed settings page

= 1.3.23 =
* Removed donate link

= 1.3.22 =
* Moved support link to settings page to reduce menu clutter
* Updated Freemius library to 2.3.0

= 1.3.21 =
* Changed menu name and support link

= 1.3.20 =
* minor improvement

= 1.3.19 =
* minor improvement

= 1.3.18 =
* minor tweak to work better with 5.0

= 1.3.17 =
* changed settings page to stop random metaboxes

= 1.3.16 =
* Reworked settings page

= 1.3.15 =
* fix to ensure scripts not enqueued unless required

= 1.3.14 =
* fix double plugin header

= 1.3.13 =
* ability to link to shared host firewall ( fullworks-firewall )

= 1.3.12 =

* Resolve some missing files

= 1.3.11 =

* Added language localisation for translations
* Added Spanish translation

= 1.3.10 =

Fixed unused javascript & css in settings page

= 1.3.9 =

Added language settings to allow translation.

Sanitized text being written to syslog

Closed potential REST API bypass

= 1.3.8 =

Security fix to stop XSS exploit

Also coded so should work with PHP 5.3 - although PHP 5.3. has been end of life for over two years it seems some hosts still use this. This is a security risk in its own right and
sites using PHP 5.3 should try to upgrade to a supported version of PHP, but this change is for backward compatibility.

= 1.3.7 =

Fix to allow deprecated PHP Version 5.4 to work, as 5.4 seems to still be in common use despite end of life

Note this code wont work on PHP 5.3

= 1.3.6 =

Fix PHP error

= 1.3.5 =

* full rewrite
* Changed detection rules to stop a reported bypass
* Added detection and suppression of REST API calls to user data
* Added settings page to allow REST API calls or stop system logging as required
* Added code to remove numbers from comment authors, and setting to turn that off
@ Telegram