v7.4.0 Lite
Released July 14, 2026
New App Integration:
- GoTo Meeting #7993
New Plugin Integrations:
- Beaver Builder #7476
- Redirection #7533
- WP Activity Log #7522
- WP Fastest Cache #7534
- Wordfence Security #7506
New Triggers:
- Beaver Builder – A user submits a contact form #7477
- Beaver Builder – A user submits a subscribe form #7478
- Redirection – A 404 error is logged #7532
- Redirection – A redirect in a group is matched #7529
- Redirection – A redirect is created by the URL monitor #7530
- Redirection – A redirect is deleted #7531
- WP Activity Log – A failed login is logged #7520
- WP Activity Log – An event for an object type is logged #7518
- WP Activity Log – An event is logged #7521
- WP Activity Log – An event of a type is logged #7517
- WP Activity Log – An event with a severity is logged #7519
- WP Fastest Cache – All cache is cleared #7535
- Wordfence Security – A blocking rule is deleted #7513
- Wordfence Security – A login with a breached password is blocked #7509
- Wordfence Security – A user activates two-factor authentication #7510
- Wordfence Security – A user deactivates two-factor authentication #7511
- Wordfence Security – An IP is blocked/throttled #7508
- Wordfence Security – An IP is locked out #7507
- Wordfence Security – An admin/non-admin user logs in #7512
New Actions:
- GoTo Meeting – Create a meeting #7994
- GoTo Meeting – Delete a meeting #7995
- GoTo Training – Add an attendee #7996
- GoTo Training – Remove an attendee #7997
- WP Fastest Cache – Purge all caches #7537
- WP Fastest Cache – Purge the cache for a post #7538
- Wordfence Security – Block an IP address #7514
- Wordfence Security – Remove an IP block #7515
- Wordfence Security – Remove an IP lockout #7516
Fixed:
- Automator review – Added capability and nonce checks to the review settings handler, keeping unauthorized option changes firmly off the guest list. #8159
- Bluesky – Protected post embed URL requests against SSRF, including redirects that tried to take the scenic route somewhere unsafe. #8157
- Credits notifications – Added a capability check so lower-privileged users can no longer dismiss site-wide credit notices. #8161
- Facebook Lead Ads – Added payload validation and optional authorization controls to webhooks, giving unexpected requests a proper ID check. #8155
- Gravity Forms – Blank List fields no longer stop recipes during form submission. Empty lists can now pass quietly without causing a scene. #8019
- HubSpot, Brevo, Constant Contact – Deprecated actions – Prevented deprecated actions from loading when demand-driven loading is enabled. Retired means retired. #8035
- LearnDash – Create a group / Make the user the leader of a group – Fixed legacy option data that prevented the action configuration from opening. #8170
- LearnDash – Restored the missing loopable tokens to the Token Loop, where they belong. #8021
- LearnDash – Triggers – Restored the “Number of times” option for affected triggers. The counter is back on duty. #8168
- Modern Events Calendar – Added authorization and nonce checks to event and ticket AJAX handlers for safer request handling. #8163
- Recipe log – Secured the “View preview” popup against stored XSS by rendering its HTML inside a sandboxed iframe. The preview now stays in its lane. #8165
- WordPress – Restored the missing loopable tokens to the Token Loop. #8028
Security Fixes:
- Google Contacts & Mautic – Added capability and nonce checks to option fetchers, ensuring only authorized requests get through. CVE-2026-15025 #8152
- Forminator and related token reads – Hardened token handling against PHP Object Injection. CVE-2026-15008 #8150
- Loopable integrations (CSV/XML/JSON) – Blocked private-network requests in loopable URL fetchers and hardened token-alias migrations against object injection. #8151
Under the hood:
- Core – Corrected app-credit limits for legacy Pro and Lifetime licenses. The numbers now behave as their licenses intended. #8138
- Divi – Modernized the integrations using the new framework, giving the foundations a well-earned refresh. #7458
- Uncanny Agent – Database select tool – Secured WHERE and JOIN handling with validated predicates and prepared values. Database queries now follow a stricter dress code. #8014
- Uncanny Agent – Secured component requests with encrypted license credentials, request binding, and fail-closed handling. When verification fails, the door stays closed. #8174