QSM – Extra Shortcodes – Version – 4.1.2

4.1.2 (June 17, 2026)

  • Enhancement: Replaced eval() in calculated-field shortcodes with a safe math parser to prevent remote code execution (RCE)
  • Enhancement: Added nonce and capability checks to settings handlers and license validation requests
  • Patch: Fixed SQL injection via shortcode attributes by whitelisting score column and type values

4.1.1 (March 19, 2026)

  • Bug: Fixed an issue causing divide-by-zero errors in score and points calculation