Changelog

All notable changes to Formatrica will be documented here.

1.0.6 - March 2026

Security

Escaped all remaining output variables at the echo boundary (escape-late pattern) per WP.org reviewer feedback
Hardened all wp_add_inline_style() and wp_add_inline_script() calls with wp_kses_no_null and close-tag neutralisation
Removed phpcs:ignore EscapeOutput annotations replaced by proper escaping

1.0.5 - February 2026

Removed all use function imports for WordPress global functions across 31 PHP files to resolve PHP "name already in use" errors in certain hosting environments

1.0.4 - February 2026

Maintenance release.

1.0.3 - February 2026

Changed (WordPress Plugin Directory Compliance)

Security Hardening

Added ABSPATH direct-access guards to all 69 PHP files in app/
Replaced all error_log() calls with hook-based debug logger (formatrica_debug_log action)
Escaped all frontend-facing exception messages with esc_html__() or sanitize_text_field()
Sanitized all $_SERVER, $_GET, and $_COOKIE superglobal reads with sanitize_text_field(wp_unslash())

Database

Hardened all SQL queries with %i identifier placeholders for table names

Internationalization

Added /* translators: */ comments to all sprintf() calls containing translatable strings
Fixed unordered placeholders to use positional format (%1$d, %2$d)

Filesystem

Replaced unlink() calls with wp_delete_file() in Export_Controller

Plugin Bootstrap

Removed manual load_textdomain() call (WordPress handles this automatically for directory-hosted plugins)
Fixed Tested up to header to use major.minor format (6.9)

Fixed

Fixed "Send test email" button doing nothing when "Use global Recipient email" is enabled
Fixed additional Plugin Check output-escaping issues for admin page header icon URLs
Fixed translators comment placement for placeholder-based error strings

Security

Encrypt CAPTCHA secret keys at rest and expose them as write-only fields in the builder

Changed

Updated release tooling so make-release.sh can promote Unreleased changelog headings during version bumps

1.0.2 - February 2026

Removed

Removed Microsoft Teams integration

Added

Added Privacy section to readme with third-party service disclosure

Fixed

Fixed Contributors field for WordPress.org compliance
Cleaned up installation instructions for end users

1.0.1 - October 2025

Fixed

Fixed Mailpit sender domain enforcement causing unnecessary deliverability warnings during local development
Mailpit now bypasses sender domain validation (like API providers) since it's a development-only tool

1.0.0 - October 2025

Initial release of Formatrica.

Form Builder

Vue.js 3 + Pinia drag-and-drop form builder
Real-time field editing with live preview
15 pre-built form templates (Contact, Newsletter, Job Application, Event Registration, Support Ticket, and more)
Form preview with zoom control (50-100%)
Form duplication and custom titles

Field Types

Text, Email, Telephone, Password
Textarea, Select, Radio, Checkbox
File Upload with drag-and-drop
Date Picker, Hidden, Custom Text
Submit Button with customization

Security

Honeypot protection (enabled by default)
CSRF token validation
IP-based rate limiting
Multiple CAPTCHA providers (reCAPTCHA v3, Cloudflare Turnstile, FriendlyCaptcha)
File upload validation with MIME checking

Privacy

IP address storage modes (Full, Anonymized, None)
Auto-delete submissions after configurable days
GDPR-friendly data handling

Email Delivery

9 providers: WordPress, SendGrid, SMTP2GO, Mailgun, Postmark, Brevo, Amazon SES, SMTP, Mailpit
Encrypted credential storage
Per-form email configuration
Test email functionality

Integrations

Zapier, Make.com webhooks
Slack notifications
Mailchimp audience subscription
Salesforce Web-to-Lead
HubSpot contact forms
WordPress Post creation with ACF support
WooCommerce order generation

User Registration

Create WordPress users from form submissions
Email verification required before login
Automatic password generation