Newsletters 4.11 Release Notes

Release notes for version 4.11 of the WordPress Newsletter plugin.

Added

• `eflength` argument to posts_multiple shortcode to control excerpt length.
• `category_allexcept` argument to exclude specified categories in posts query.
• `eflength_incl_excerpt` attribute to [newsletters_posts] to optionally limit manual excerpts to the eflength word count.

Improved

• Modified et_message to apply custom excerpt length via filter when eflength is set, and fallback to WordPress default excerpt length when eflength is not provided.
• Make Resend button and Send Manage Subscription Email PRO features.
• Get the readmore text from the configurations first in newsletters_posts shortcode.

Fixed

• Resolved Local File Inclusion vulnerability in themebyname action by sanitizing input and restricting file inclusion to the themes directory (credits: Nguyen Xuan Chien via Patchstack).
• CSRF vulnerability (reported by Nguyen Xuan Chien, Patchstack) that allowed an attacker to trick a logged-in administrator into deleting or duplicating any template. All state-changing theme actions now require a valid WordPress nonce.
• Plus signs in newsletter links no longer turn into spaces. Switched to rawurldecode() to preserve “+” characters.