Update to oik v4.15.2 for a security fix; only enable a particular AJAX request for users who can edit posts.
Changes
| Change | Reference |
|---|---|
| Fixed: Prevent unauthorised users (subscribers) from listing shortcodes via AJAX | Props: Ngô Thái An |
Tested
- Tested: With WordPress 6.8.1 and WordPress Multisite
- Tested: With PHP 8.3 & PHP 8.4
- Tested: With PHPUnit 9.6, 10 and 11
