## Changelog

**v2.3.1 (29 Jun, 2026)**
- **Security:** Fixed a stored XSS vulnerability in the Sidebar block where crafted connector-width and heading-tag attributes could inject scripts into rendered pages.
- **Security:** Added administrator capability and nonce verification to the BetterDocs migration so it can no longer be triggered by lower-privileged users.
- **Fixed:** The vendor documentation action now appears only when Dokan is active.