Merged
Changes from 5 commits
11 changes: 11 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file, per [the Ke

## [Unreleased] - TBD

## [2.0.1] - 2026-01-08

### Fixed

- Plugin check plugin errors to improve overall codebase (props [@iamdharmesh](https://github.com/iamdharmesh), [@joemcgill](https://github.com/joemcgill), [@dkotter](https://github.com/dkotter), [@qasumitbagthariya](https://github.com/qasumitbagthariya)).

### Changed

- Bump WordPress "tested up to" version 6.9 (props [@iamdharmesh](https://github.com/iamdharmesh), [@joemcgill](https://github.com/joemcgill), [@qasumitbagthariya](https://github.com/qasumitbagthariya)).

## [2.0.0] - 2025-08-11

### Added
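Review bot: The 2.0.1 "Fixed" entry describes the release only as Plugin Check cleanup, but this diff also changes behaviour: `mailchimp_sf_change_list_if_necessary()` now requires the `update_mc_list_id_nonce` field and calls `wp_die()` when the capability or nonce check fails, and the `Plugin Name` header in mailchimp.php is edited. Suggest a separate "Security" or "Changed" line for each, so anyone posting `mcsf_action=update_mc_list_id` from custom code learns that the request now needs a nonce.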
Expand Down Expand Up @@ -352,6 +362,7 @@ All notable changes to this project will be documented in this file, per [the Ke
- Security and various other improvements

[Unreleased]: https://github.com/mailchimp/wordpress/compare/main...develop
[2.0.1]: https://github.com/mailchimp/wordpress/compare/2.0.0...2.0.1
[2.0.0]: https://github.com/mailchimp/wordpress/compare/1.9.0...2.0.0
[1.9.0]: https://github.com/mailchimp/wordpress/compare/1.8.0...1.9.0
[1.8.0]: https://github.com/mailchimp/wordpress/compare/1.7.0...1.8.0
2 changes: 1 addition & 1 deletion CREDITS.md
Expand Up @@ -12,7 +12,7 @@ The following individuals are responsible for curating the list of issues, respo

Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc.

[Mailchimp (@mailchimp)](https://github.com/mailchimp), [Crowd Favorite (@crowdfavorite)](https://github.com/crowdfavorite), [Matthew Richmond (@bigdawggi)](https://github.com/bigdawggi), [Devin Reams (@devinreams)](https://github.com/devinreams), [Alex King (@alexkingorg)](https://github.com/alexkingorg), [Jesse (@jessedp)](https://github.com/jessedp), [Andrew Ellis](awellis@me.com), [Evan Anderson (@ejdanderson)](https://github.com/ejdanderson), [Webb Henderson (@emerywebster)](https://github.com/emerywebster), [Steven Mathias (@ssmathias)](https://github.com/ssmathias), [Jonathan D. Johnson (@jondavidjohn)](https://github.com/jondavidjohn), [Ross Tweedie (@digitales)](https://github.com/digitales), [(@mcwill)](https://github.com/mcwill), [Andrew Austin (@andrewjaustin)](https://github.com/andrewjaustin), [Marc Queralt i Bassa (@MarcQueralt)](https://github.com/MarcQueralt), [Chris Mospaw (@mospaw)](https://github.com/mospaw), [Jonas Stensved (@jstensved)](https://github.com/jstensved), [netboy](netboy@netboy.pl), [Lenin](lenin@tasawr.com), [Bauke Zwaan (@baukezwaan)](https://github.com/baukezwaan), [Jascha Ehrenreich (@jaeh)](https://github.com/jaeh), [Chris Wilcoxson (@slushman)](https://github.com/slushman), [Luke Watts (@thisislawatts)](https://github.com/thisislawatts), [Glenn Ansley (@glennansley)](https://github.com/glennansley), [SiteGround](http://www.siteground.com/wordpress-hosting.htm), [Peter Kahoun](http://kahi.cz/), [Jan Lund](), [Michael Jaekel](), [Ιωάννης Δημοφέρλιας (John Dimoferlias)](), [Tomás Nader](), [Claudia Mansilla](http://cricava.com/), [Helen Urbanik](http://www.motomaania.ee/), [Maxime Toulliou](http://www.maximetoulliou.com/), [שגיב בית](http://www.sagive.co.il), [Okostobi](), [Stefan Des](http://www.stefandes.com), [백선기 (SK Baek)](), [Alexander Roterud aka Defrag](http://www.tigerpews.com), [Filip Stas](http://suddenelfilio.net/), [Maria Manoela Porto](), [Tiago Faria](http://xroot.org), [Alexandru Armin Roșu](), 
[Илья](http://fatcow.com), [Sebastian Johnsson](http://www.agiley.se/), [Hakan E.](http://kazancexpert.com/), [Josh Grosser (@jgrosser-intuit)](https://github.com/jgrosser-intuit), [10up (@10up)](https://github.com/10up), [Nate Conley (@nateconley)](https://github.com/nateconley), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Eddie Shrake (@eddieshrake)](https://github.com/eddieshrake), [Sumit Bagthariya (@qasumitbagthariya)](https://github.com/qasumitbagthariya), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [GitHub Dependabot (@dependabot)](https://github.com/apps/dependabot), [Jer Clarke (@jerclarke)](https://github.com/jerclarke), [Max Garceau (@MaxwellGarceau)](https://github.com/MaxwellGarceau), [Nathan Tetzlaff](), [Romain Deville](https://www.linkedin.com/in/devilleromain/).
[Mailchimp (@mailchimp)](https://github.com/mailchimp), [Crowd Favorite (@crowdfavorite)](https://github.com/crowdfavorite), [Matthew Richmond (@bigdawggi)](https://github.com/bigdawggi), [Devin Reams (@devinreams)](https://github.com/devinreams), [Alex King (@alexkingorg)](https://github.com/alexkingorg), [Jesse (@jessedp)](https://github.com/jessedp), [Andrew Ellis](awellis@me.com), [Evan Anderson (@ejdanderson)](https://github.com/ejdanderson), [Webb Henderson (@emerywebster)](https://github.com/emerywebster), [Steven Mathias (@ssmathias)](https://github.com/ssmathias), [Jonathan D. Johnson (@jondavidjohn)](https://github.com/jondavidjohn), [Ross Tweedie (@digitales)](https://github.com/digitales), [(@mcwill)](https://github.com/mcwill), [Andrew Austin (@andrewjaustin)](https://github.com/andrewjaustin), [Marc Queralt i Bassa (@MarcQueralt)](https://github.com/MarcQueralt), [Chris Mospaw (@mospaw)](https://github.com/mospaw), [Jonas Stensved (@jstensved)](https://github.com/jstensved), [netboy](netboy@netboy.pl), [Lenin](lenin@tasawr.com), [Bauke Zwaan (@baukezwaan)](https://github.com/baukezwaan), [Jascha Ehrenreich (@jaeh)](https://github.com/jaeh), [Chris Wilcoxson (@slushman)](https://github.com/slushman), [Luke Watts (@thisislawatts)](https://github.com/thisislawatts), [Glenn Ansley (@glennansley)](https://github.com/glennansley), [SiteGround](http://www.siteground.com/wordpress-hosting.htm), [Peter Kahoun](http://kahi.cz/), [Jan Lund](), [Michael Jaekel](), [Ιωάννης Δημοφέρλιας (John Dimoferlias)](), [Tomás Nader](), [Claudia Mansilla](http://cricava.com/), [Helen Urbanik](http://www.motomaania.ee/), [Maxime Toulliou](http://www.maximetoulliou.com/), [שגיב בית](http://www.sagive.co.il), [Okostobi](), [Stefan Des](http://www.stefandes.com), [백선기 (SK Baek)](), [Alexander Roterud aka Defrag](http://www.tigerpews.com), [Filip Stas](http://suddenelfilio.net/), [Maria Manoela Porto](), [Tiago Faria](http://xroot.org), [Alexandru Armin Roșu](), 
[Илья](http://fatcow.com), [Sebastian Johnsson](http://www.agiley.se/), [Hakan E.](http://kazancexpert.com/), [Josh Grosser (@jgrosser-intuit)](https://github.com/jgrosser-intuit), [10up (@10up)](https://github.com/10up), [Nate Conley (@nateconley)](https://github.com/nateconley), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Eddie Shrake (@eddieshrake)](https://github.com/eddieshrake), [Sumit Bagthariya (@qasumitbagthariya)](https://github.com/qasumitbagthariya), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [GitHub Dependabot (@dependabot)](https://github.com/apps/dependabot), [Jer Clarke (@jerclarke)](https://github.com/jerclarke), [Max Garceau (@MaxwellGarceau)](https://github.com/MaxwellGarceau), [Nathan Tetzlaff](), [Romain Deville](https://www.linkedin.com/in/devilleromain/), [@joemcgill](https://github.com/joemcgill).

## Libraries

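Review bot: The entry appended at the end of the contributor list, `[@joemcgill](https://github.com/joemcgill)`, is written as a bare handle, unlike the `Name (@handle)` labels used for the other GitHub profiles in the list (for example `Darin Kotter (@dkotter)`). Suggest adding the contributor's display name in the same form so the list stays consistent.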
3 changes: 2 additions & 1 deletion includes/admin/class-mailchimp-user-sync.php
Expand Up @@ -325,7 +325,8 @@ public function subscriber_status_field() {
_n(
'You will need %1$sa Mailchimp plan%2$s that includes %3$d contact.',
'You will need %1$sa Mailchimp plan%2$s that includes %3$d contacts.',
absint( $users_count )
absint( $users_count ),
'mailchimp'
),
'<a href="https://mailchimp.com/help/about-mailchimp-pricing-plans/" target="_blank" rel="noopener noreferrer">',
'</a>',
2 changes: 1 addition & 1 deletion includes/admin/templates/header.php
Expand Up @@ -68,4 +68,4 @@
</div>
<?php endif; ?>
</div>
</div>
</div>
1 change: 1 addition & 0 deletions includes/admin/templates/settings.php
Expand Up @@ -94,6 +94,7 @@ function ( $ele ) {
</div>
<div class="mailchimp-sf-settings-list-select-button">
<input type="hidden" name="mcsf_action" value="update_mc_list_id" />
<?php wp_nonce_field( 'update_mc_list_id_action', 'update_mc_list_id_nonce' ); ?>
<input type="submit" name="submit" value="<?php esc_attr_e( 'Fetch list settings', 'mailchimp' ); ?>" class="mailchimp-sf-button btn-secondary" />
</div>
</div>
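Review bot: The action and field name on the added `wp_nonce_field( 'update_mc_list_id_action', 'update_mc_list_id_nonce' )` line are repeated as string literals in the `wp_verify_nonce()` call in mailchimp.php, so a rename on one side sends every "Fetch list settings" submit into the `wp_die()` branch. Suggest defining both strings once (constants next to `MCSF_CAP_THRESHOLD`, for instance) and adding a test that submits this form and asserts the list is saved.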
6 changes: 3 additions & 3 deletions includes/admin/templates/setup-page.php
Expand Up @@ -224,7 +224,7 @@
<tr>
<th class="mailchimp-sf-option-header">
<label for="mc_nuke_all_styles">
<?php esc_html_e( 'Remove CSS' ); ?>
<?php esc_html_e( 'Remove CSS', 'mailchimp' ); ?>
</label>
</th>
<td>
Expand All @@ -234,7 +234,7 @@
<input type="checkbox" name="mc_nuke_all_styles" id="mc_nuke_all_styles" class="mailchimp-sf-checkbox" <?php checked( get_option( 'mc_nuke_all_styles' ), true ); ?> onclick="showMe('mc-custom-styling')"/>
</div>
<label for="mc_nuke_all_styles">
<?php esc_html_e( 'This will disable all Mailchimp CSS, so it\'s recommended for WordPress experts only.' ); ?>
<?php esc_html_e( 'This will disable all Mailchimp CSS, so it\'s recommended for WordPress experts only.', 'mailchimp' ); ?>
</label>
</div>
</td>
Expand Down Expand Up @@ -265,7 +265,7 @@
<input type="checkbox" name="mc_custom_style" id="mc_custom_style" class="mailchimp-sf-checkbox"<?php checked( get_option( 'mc_custom_style' ), 'on' ); ?> />
</div>
<label for="mc_custom_style">
<?php esc_html_e( 'Edit the default Mailchimp CSS style.' ); ?>
<?php esc_html_e( 'Edit the default Mailchimp CSS style.', 'mailchimp' ); ?>
</label>
</div>
</td>
9 changes: 8 additions & 1 deletion includes/class-mailchimp-form-submission.php
Expand Up @@ -99,6 +99,7 @@ public function handle_form_submission() {
$merge_fields = get_option( 'mc_merge_vars', array() );
$interest_groups = get_option( 'mc_interest_groups', array() );

// phpcs:disable WordPress.Security.NonceVerification.Missing -- Nonce check is already done in the request_handler() function.
// Check if request from latest block.
if ( isset( $_POST['mailchimp_sf_list_id'] ) ) {
$list_id = isset( $_POST['mailchimp_sf_list_id'] ) ? sanitize_text_field( wp_unslash( $_POST['mailchimp_sf_list_id'] ) ) : '';
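Review bot: The `phpcs:disable WordPress.Security.NonceVerification.Missing` added at the top of this block stays in force until the matching `phpcs:enable` roughly fifty lines later, so any `$_POST` read added inside that range in future is exempt from the sniff without anyone deciding it should be. Suggest reading the needed `$_POST` keys into local variables in one short suppressed section at the top of `handle_form_submission()`, or using per-line `phpcs:ignore` as the `prepare_merge_fields_body()` hunk does.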
Expand Down Expand Up @@ -148,6 +149,7 @@ public function handle_form_submission() {
} else {
$email_type = 'html';
}
// phpcs:enable WordPress.Security.NonceVerification.Missing

$response = $this->subscribe_to_list(
$list_id,
Expand Down Expand Up @@ -251,10 +253,11 @@ public function prepare_merge_fields_body( $merge_fields, $skip_merge_validation
$opt = 'mc_mv_' . $tag;

// Skip if the field is not required and not submitted.
if ( ( true !== (bool) $merge_field['required'] && ! isset( $_POST[ $opt ] ) ) || $skip_merge_validation ) {
if ( ( true !== (bool) $merge_field['required'] && ! isset( $_POST[ $opt ] ) ) || $skip_merge_validation ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce check is already done in the request_handler() function.
continue;
}

// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce check is already done in the request_handler() function.
$opt_val = isset( $_POST[ $opt ] ) ? map_deep( stripslashes_deep( $_POST[ $opt ] ), 'sanitize_text_field' ) : '';

switch ( $merge_field['type'] ) {
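Review bot: Both added `phpcs:ignore` comments justify the `$_POST` reads by a nonce check in `request_handler()`, but `prepare_merge_fields_body()` is declared `public` (see the hunk header), so the justification only holds for callers that arrive through `request_handler()`. Suggest passing the submitted values in as a parameter so the method does not touch `$_POST`, or narrowing the visibility if nothing outside the class calls it, and stating the precondition in the docblock.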
Expand Down Expand Up @@ -339,6 +342,7 @@ public function prepare_groups_body( $interest_groups ) {

foreach ( $interest_groups as $interest_group ) {
$ig_id = $interest_group['id'];
// phpcs:disable WordPress.Security.NonceVerification.Missing -- Nonce check is already done in the request_handler() function.
if ( isset( $_POST['group'][ $ig_id ] ) && 'hidden' !== $interest_group['type'] ) {
switch ( $interest_group['type'] ) {
case 'dropdown':
Expand Down Expand Up @@ -367,6 +371,7 @@ public function prepare_groups_body( $interest_groups ) {
break;
}
}
// phpcs:enable WordPress.Security.NonceVerification.Missing
}
return $groups;
}
Expand Down Expand Up @@ -544,6 +549,7 @@ public function remove_empty_merge_fields( $merge ) {
* @return bool|WP_Error True if valid, WP_Error if invalid.
*/
protected function validate_form_submission() {
// phpcs:disable WordPress.Security.NonceVerification.Missing -- Nonce check is already done in the request_handler() function.
$spam_message = esc_html__( "We couldn't process your submission as it was flagged as potential spam. Please try again.", 'mailchimp' );
// Make sure the honeypot field is set, but not filled (if it is, then it's a spam).
if ( ! isset( $_POST['mailchimp_sf_alt_email'] ) || ! empty( $_POST['mailchimp_sf_alt_email'] ) ) {
Expand Down Expand Up @@ -579,5 +585,6 @@ protected function validate_form_submission() {
* @param array $post_data The $_POST data.
*/
return apply_filters( 'mailchimp_sf_form_submission_validation', true, $_POST );
// phpcs:enable WordPress.Security.NonceVerification.Missing
}
}
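Review bot: The `// phpcs:enable WordPress.Security.NonceVerification.Missing` line is placed after the `return apply_filters( ... )` statement, where it reads as unreachable code and is easy to delete in a later cleanup; the suppression opened at the top of `validate_form_submission()` would then run on to the end of the file. Suggest moving the `phpcs:enable` above the filter docblock and putting a trailing `phpcs:ignore` on the `return` line, which is the last `$_POST` use in the function.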
26 changes: 16 additions & 10 deletions mailchimp.php
@@ -1,10 +1,10 @@
<?php
/**
* Plugin Name: Mailchimp
* Plugin Name: Mailchimp List Subscribe Form
* Plugin URI: https://mailchimp.com/help/connect-or-disconnect-list-subscribe-for-wordpress/
* Description: Add a Mailchimp signup form block, widget or shortcode to your WordPress site.
* Text Domain: mailchimp
* Version: 2.0.0
* Version: 2.0.1
* Requires at least: 6.4
* Requires PHP: 7.0
* PHP tested up to: 8.3
Expand Down Expand Up @@ -67,7 +67,7 @@ function () {
use function Mailchimp\WordPress\Includes\Admin\{admin_notice_error, admin_notice_success};

// Version constant for easy CSS refreshes
define( 'MCSF_VER', '2.0.0' );
define( 'MCSF_VER', '2.0.1' );

// What's our permission (capability) threshold
define( 'MCSF_CAP_THRESHOLD', 'manage_options' );
Expand Down Expand Up @@ -421,7 +421,7 @@ function mailchimp_sf_set_form_defaults( $list_name = '' ) {
* @return void
**/
function mailchimp_sf_save_general_form_settings() {

// phpcs:disable WordPress.Security.NonceVerification.Missing -- Nonce check is already done in the mailchimp_sf_request_handler() function.
/*Enable double optin toggle*/
if ( isset( $_POST['mc_double_optin'] ) ) {
update_option( 'mc_double_optin', true );
Expand All @@ -447,11 +447,11 @@ function mailchimp_sf_save_general_form_settings() {
/* Update existing */
if ( isset( $_POST['mc_update_existing'] ) ) {
update_option( 'mc_update_existing', true );
$msg = esc_html__( 'Update existing subscribers turned On!' );
$msg = esc_html__( 'Update existing subscribers turned On!', 'mailchimp' );
admin_notice_success( $msg );
} elseif ( get_option( 'mc_update_existing' ) !== false ) {
update_option( 'mc_update_existing', false );
$msg = esc_html__( 'Update existing subscribers turned Off!' );
$msg = esc_html__( 'Update existing subscribers turned Off!', 'mailchimp' );
admin_notice_success( $msg );
}

Expand Down Expand Up @@ -521,6 +521,7 @@ function mailchimp_sf_save_general_form_settings() {

$msg = esc_html__( 'Successfully Updated your List Subscribe Form Settings!', 'mailchimp' );
admin_notice_success( $msg );
// phpcs:enable WordPress.Security.NonceVerification.Missing
}

/**
Expand All @@ -531,15 +532,20 @@ function mailchimp_sf_change_list_if_necessary() {
return;
}

if (
! current_user_can( MCSF_CAP_THRESHOLD ) ||
! isset( $_POST['update_mc_list_id_nonce'] ) ||
! wp_verify_nonce( sanitize_key( $_POST['update_mc_list_id_nonce'] ), 'update_mc_list_id_action' )
) {
wp_die( 'Security check failed.' );
}

if ( empty( $_POST['mc_list_id'] ) ) {
$msg = esc_html__( 'Please choose a valid list', 'mailchimp' );
admin_notice_error( $msg );
return;
}

// Simple permission check before going through all this
if ( ! current_user_can( MCSF_CAP_THRESHOLD ) ) { return; }

$api = mailchimp_sf_get_api();
if ( ! $api ) { return; }

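Review bot: `wp_die( 'Security check failed.' );` in the added guard sends WordPress's default HTTP 500 status and an untranslated literal, in a PR whose other hunks add the `'mailchimp'` text domain to the strings they touch. Suggest `wp_die( esc_html__( 'Security check failed.', 'mailchimp' ), '', array( 'response' => 403 ) );`. The guard also absorbs the capability check that used to `return` silently further down, so a logged-in user below `MCSF_CAP_THRESHOLD` now lands on the `wp_die()` page instead of a no-op; if that is intended it belongs in the changelog. `check_admin_referer( 'update_mc_list_id_action', 'update_mc_list_id_nonce' )` would cover the `isset` and verify steps in one call.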
Expand Down Expand Up @@ -605,7 +611,7 @@ function mailchimp_sf_change_list_if_necessary() {
__( '<b>Success!</b> Loaded and saved the info for %d Merge Variables', 'mailchimp' ) . $igs_text,
count( $mv )
) . ' ' .
esc_html__( 'from your list' ) . ' "' . $list_name . '"<br/><br/>' .
esc_html__( 'from your list', 'mailchimp' ) . ' "' . $list_name . '"<br/><br/>' .
esc_html__( 'Now you should either Turn On the Mailchimp Widget or change your options below, then turn it on.', 'mailchimp' );

admin_notice_success( $msg );
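Review bot: On the touched line, `$list_name` is concatenated into `$msg` between literal quotes with no escaping visible in this hunk, and `$msg` carries raw `<b>` and `<br/>` markup into `admin_notice_success()`, so the notice is evidently rendered as HTML. If `$list_name` is not already escaped where it is assigned, wrap it in `esc_html()` here. Separately, "from your list" is a sentence fragment translated on its own; a single `sprintf()` template with a placeholder for the list name would give translators the whole sentence.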
4 changes: 2 additions & 2 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "@mailchimp/wordpress",
"version": "2.0.0",
"version": "2.0.1",
"description": "Add a Mailchimp signup form widget to your WordPress site.",
"homepage": "https://github.com/mailchimp/wordpress",
"bugs": {
8 changes: 6 additions & 2 deletions readme.txt
@@ -1,8 +1,8 @@
=== Mailchimp List Subscribe Form ===
Contributors: Mailchimp
Tags: mailchimp, email, newsletter, signup, marketing
Tested up to: 6.8
Stable tag: 2.0.0
Tested up to: 6.9
Stable tag: 2.0.1
License: GPL-2.0-or-later
License URI: https://spdx.org/licenses/GPL-2.0-or-later.html

Expand Down Expand Up @@ -76,6 +76,10 @@ If you are upgrading to version 1.2.1 and you used the widget in your sidebar pr

== Changelog ==

= 2.0.1 - 2026-01-08 =
* **Fixed:** Plugin check plugin errors to improve overall codebase (props [@iamdharmesh](https://github.com/iamdharmesh), [@joemcgill](https://github.com/joemcgill), [@dkotter](https://github.com/dkotter), [@qasumitbagthariya](https://github.com/qasumitbagthariya)).
* **Changed:** Bump WordPress "tested up to" version 6.9 (props [@iamdharmesh](https://github.com/iamdharmesh), [@joemcgill](https://github.com/joemcgill), [@qasumitbagthariya](https://github.com/qasumitbagthariya)).

= 2.0.0 - 2025-08-11 =
* **Added:** Form templates to the Mailchimp List Subscribe Form block, allowing users to quickly insert and publish specific forms (props [@iamdharmesh](https://github.com/iamdharmesh), [Romain Deville](https://www.linkedin.com/in/devilleromain/), [@vikrampm1](https://github.com/vikrampm1), [@jeffpaul](https://github.com/jeffpaul), [@dkotter](https://github.com/dkotter), [@qasumitbagthariya](https://github.com/qasumitbagthariya) via [#171](https://github.com/mailchimp/wordpress/pull/171)).
* **Changed:** Improved navigation and UX enhancements to the plugin settings page (props [@iamdharmesh](https://github.com/iamdharmesh), [Romain Deville](https://www.linkedin.com/in/devilleromain/), [@jeffpaul](https://github.com/jeffpaul), [@dkotter](https://github.com/dkotter), [@qasumitbagthariya](https://github.com/qasumitbagthariya) via [#169](https://github.com/mailchimp/wordpress/pull/169)).
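Review bot: The two 2.0.1 entries end at the props list, while the 2.0.0 entries directly below each close with a `via [#NNN](...)` pull request link. Suggest adding the PR reference to both new lines, and to the matching CHANGELOG.md entries, so the release notes stay traceable to the change.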
2 changes: 2 additions & 0 deletions tests/cypress/support/commands/mailchimpLogin.js
Expand Up @@ -50,6 +50,8 @@ Cypress.Commands.add('mailchimpLogin', (user = null, pass = null) => {
});

cy.popup().find('input#username').clear().type(username, { force: true });
cy.popup().find('button[type="submit"]').click({ force: true });
cy.wait(5000);
cy.popup().find('input#password').clear().type(password, { force: true });
cy.popup().find('button[type="submit"]').click({ force: true });
cy.wait(10000); // Not a best practice, but did not find a better way to handle this.
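Review bot: The added `cy.wait(5000)` between submitting the username and typing the password is a fixed sleep: it costs five seconds on every login and still fails when the Mailchimp popup takes longer to show the password step. Suggest asserting on the next state instead, for example `cy.popup().find('input#password').should('be.visible')` with an explicit `timeout`, provided the custom `cy.popup()` command re-queries the popup on retry. The `.type(password, { force: true })` line that follows also writes the password to the Cypress command log; adding `log: false` to its options keeps it out of CI output.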