=== WebPurify Profanity Filter ===
Contributors: webpurify
Authors: WebPurify
Tags: comments, profanity, filter, filtered, swearing, post, admin, buddypress, bbpress
Contact: support@webpurify.com
Tested up to: 6.4
Requires at least: 2.9
Stable tag: 4.0.3
Requires PHP: 5.6
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
Uses the powerful WebPurify™ Profanity Filter API to stop profanity in comments.
== Description ==
WebPurify™ is an accurate and efficient profanity filter web service. With WebPurify, the profanity list updates automatically to maximize accuracy. In addition to scanning for profanity, WebPurify allows the user to add their personal list of words to filter.
Our WordPress plugin has two options:
a. Replace every character of any words deemed profane by WebPurify with a "*" symbol and work with BuddyPress as well. (default)
b. Prevent users from entering profanity entirely with an alert asking them to correct their text.
Language Support for English, Arabic, French, German, Hindi, Italian, Japanese, Portuguese, Russian, Spanish, Thai, Turkish, Chinese, Korean, Punjabi
You can purchase a license key at our site.
We also provide 14 day trial licenses for free.
== Installation ==
1. Unzip the file and then upload the entire "webpurify" folder to wp-content/plugins directory. Make sure to add the whole folder, not the individual files.
2. Activate it in the Plugin options.
3. Go to the Admin -> Settings -> WebPurify page to enter your WebPurify API Key.
You can get an API key by going to: https://www.webpurify.com/
Please note this plug-in require SimpleXML extension to work properly.
== Changelog ==
= 4.0.3 - 2026-02-06 =
* **SECURITY FIX:** Fixed CVE-2026-0572 - Unauthorized modification of data vulnerability
* Added capability check to webpurify_save_options() to ensure only administrators can modify settings
* Added nonce verification for CSRF protection
* Improved error handling with user-friendly error messages
* Enhanced security with proper authentication and authorization checks
* All users should update immediately to this version
= 4.0.2 =
* Previous release (contains security vulnerability - please update to 4.0.3)
= 4.0.1 =
* Previous release
= 4.0.0 =
* Previous release
== Upgrade Notice ==
= 4.0.3 =
**CRITICAL SECURITY UPDATE:** This version fixes CVE-2026-0572, a vulnerability that allowed unauthorized users to modify plugin settings. Update immediately. This update adds proper capability checks and CSRF protection. No functionality changes for legitimate admin users.
= 4.0.2 =
Contains a security vulnerability. Please update to 4.0.3 immediately.
== Frequently Asked Questions ==
= Is this update safe to install? =
Yes, this is a security-focused update that maintains full backward compatibility. All existing functionality works exactly as before, but with enhanced security protection.
= Will this affect my existing settings? =
No, all your existing settings (API keys, filters, language preferences) will remain unchanged. Only the security of the settings page has been improved.
= What was the security issue? =
Version 4.0.2 and earlier had a missing capability check that could allow unauthorized users to modify plugin settings. Version 4.0.3 fixes this by ensuring only WordPress administrators can access the settings.
== Support ==
Have any problems, questions, or ideas? Please contact us at support@webpurify.com
== Security ==
If you discover a security vulnerability within this plugin, please send an email to support@webpurify.com. All security vulnerabilities will be promptly addressed.