Skip to content

v7.4.0 Lite

Released July 14, 2026

New App Integration:

New Plugin Integrations:

New Triggers:

  • Beaver Builder – A user submits a contact form #7477
  • Beaver Builder – A user submits a subscribe form #7478
  • Redirection – A 404 error is logged #7532
  • Redirection – A redirect in a group is matched #7529
  • Redirection – A redirect is created by the URL monitor #7530
  • Redirection – A redirect is deleted #7531
  • WP Activity Log – A failed login is logged #7520
  • WP Activity Log – An event for an object type is logged #7518
  • WP Activity Log – An event is logged #7521
  • WP Activity Log – An event of a type is logged #7517
  • WP Activity Log – An event with a severity is logged #7519
  • WP Fastest Cache – All cache is cleared #7535
  • Wordfence Security – A blocking rule is deleted #7513
  • Wordfence Security – A login with a breached password is blocked #7509
  • Wordfence Security – A user activates two-factor authentication #7510
  • Wordfence Security – A user deactivates two-factor authentication #7511
  • Wordfence Security – An IP is blocked/throttled #7508
  • Wordfence Security – An IP is locked out #7507
  • Wordfence Security – An admin/non-admin user logs in #7512

New Actions:

  • GoTo Meeting – Create a meeting #7994
  • GoTo Meeting – Delete a meeting #7995
  • GoTo Training – Add an attendee #7996
  • GoTo Training – Remove an attendee #7997
  • WP Fastest Cache – Purge all caches #7537
  • WP Fastest Cache – Purge the cache for a post #7538
  • Wordfence Security – Block an IP address #7514
  • Wordfence Security – Remove an IP block #7515
  • Wordfence Security – Remove an IP lockout #7516

Fixed:

  • Automator review – Added capability and nonce checks to the review settings handler, keeping unauthorized option changes firmly off the guest list. #8159
  • Bluesky – Protected post embed URL requests against SSRF, including redirects that tried to take the scenic route somewhere unsafe. #8157
  • Credits notifications – Added a capability check so lower-privileged users can no longer dismiss site-wide credit notices. #8161
  • Facebook Lead Ads – Added payload validation and optional authorization controls to webhooks, giving unexpected requests a proper ID check. #8155
  • Gravity Forms – Blank List fields no longer stop recipes during form submission. Empty lists can now pass quietly without causing a scene. #8019
  • HubSpot, Brevo, Constant Contact – Deprecated actions – Prevented deprecated actions from loading when demand-driven loading is enabled. Retired means retired. #8035
  • LearnDash – Create a group / Make the user the leader of a group – Fixed legacy option data that prevented the action configuration from opening. #8170
  • LearnDash – Restored the missing loopable tokens to the Token Loop, where they belong. #8021
  • LearnDash – Triggers – Restored the “Number of times” option for affected triggers. The counter is back on duty. #8168
  • Modern Events Calendar – Added authorization and nonce checks to event and ticket AJAX handlers for safer request handling. #8163
  • Recipe log – Secured the “View preview” popup against stored XSS by rendering its HTML inside a sandboxed iframe. The preview now stays in its lane. #8165
  • WordPress – Restored the missing loopable tokens to the Token Loop. #8028

Security Fixes:

  • Google Contacts & Mautic – Added capability and nonce checks to option fetchers, ensuring only authorized requests get through. CVE-2026-15025 #8152
  • Forminator and related token reads – Hardened token handling against PHP Object Injection. CVE-2026-15008 #8150
  • Loopable integrations (CSV/XML/JSON) – Blocked private-network requests in loopable URL fetchers and hardened token-alias migrations against object injection. #8151

Under the hood:

  • Core – Corrected app-credit limits for legacy Pro and Lifetime licenses. The numbers now behave as their licenses intended. #8138
  • Divi – Modernized the integrations using the new framework, giving the foundations a well-earned refresh. #7458
  • Uncanny Agent – Database select tool – Secured WHERE and JOIN handling with validated predicates and prepared values. Database queries now follow a stricter dress code. #8014
  • Uncanny Agent – Secured component requests with encrypted license credentials, request binding, and fail-closed handling. When verification fails, the door stays closed. #8174

← All changelog entries

Back To Top