V 3.1.5

Improved

  • Mega Menu now works smoothly with Elementor's new Atomic Elements, and only loads its styles on the pages that use a Mega Menu — so menus look right everywhere and your pages stay fast.
  • General compatibility and code-quality tidy-up for the WordPress.org review.
  • Updated the licensing library and removed unused files.

Fixed

  • Some admin screens (Settings, Template Kits, Template Library, Setup Wizard) could show up blank — they now load correctly.

Security

  • Made the Recommended Plugins screen safer so only the plugins we list can be installed or activated.
  • Tightened the Mega Menu so it only responds to its own known actions.
  • Added safety checks when importing Template Kits to block unsafe files.

V 3.1.4

Improved

  • renamed short/reserved identifiers to the unique jltma prefix; migrated popup table/option to prefixed names.
  • removed unused bundled readme/markdown libraries; dropped a legacy Elementor (< 2.2.8) AJAX hook.

Security

  • moved the Custom CSS editor to the Pro build (no arbitrary CSS insertion in the free plugin).
  • added nonce verification to Mega Menu options save.
  • added capability checks to popup, template-save, white-label, and rollback handlers.
  • whitelisted option-name prefixes in the internal options helper.

V 3.1.3

Added

  • Timeline widget Title and Content typography and color controls (Cards section), applied to both Post and Custom timeline items.

Improved

  • Custom CSS and JS in the Widget Builder are now a Pro feature; HTML stays available for everyone.
  • Template previews now open in a new browser tab instead of loading inside the dashboard.
  • Used unique name prefixes across the plugin for better compatibility with other plugins.
  • Updated the Select2 library to the latest stable version.
  • The setup wizard theme image now loads from within the plugin instead of an external site.
  • Review links now open the full reviews page.

Fixed

  • Template Live Preview link is now easy to read in Elementor's dark mode.

Security

  • Hardened popup list sorting so it only accepts known sort options.
  • Tightened permissions on the Mega Menu content editor so only menu managers can use it.

V 3.1.2

Added

  • Custom Attributes support for the link/button controls in Creative Button, Creative Links, Dual Heading, Info Box, Business Hours, Flipbox, Advanced Image, Image Hover Effects, Call to Action, Pricing Table and Featured Product (Pro) widgets.
  • Countdown Timer style presets (Card, Flip, Circle, Gradient, Neon, Glassmorphism, Minimal, Outline, Neumorphic) with the Layout and Style Preset options separated; the new presets are gated to Pro.
  • Counter Up responsive column support and a Content Position control for placing the title around the number.
  • Changelog widget Style tab controls (Heading, Title, Content) so the Style tab now appears before Advanced.
  • Pricing Table individual Currency, Fractional and Period color controls.
  • Widget Builder now lets you add conditions and loops in your widget code, so you can show or hide parts of a widget and repeat items based on your settings.
  • Documentation links inside the Widget Builder — a quick link in the code panel and a help icon on every control.
  • Premium controls are now clearly locked on the free version and can no longer be added by mistake.

Improved

  • A roomier Widget Builder code editor — a wider editing area, a draggable panel you can size yourself, and cleaner, thinner scrollbars.
  • Widgets you build are now shown in a safer, more reliable way.

Fixed

  • Dual Heading link showed "[object Object]" as the href in the editor and ignored Open in new window / Add nofollow / Custom Attributes; Style 1 markup, heading structure and extra-span spacing corrected.
  • Tooltip Width, Background, Color, Padding, Border and Typography style controls now apply (scoped to the per-widget Tippy theme); Tooltip Text now updates live in the Elementor editor.
  • Gradient Headline hover gradient colors now apply on hover only when set.
  • Pricing Table price typography now targets the price amount only, and extra spacing around the price/currency is removed.
  • Image Hover Effects border radius now rounds the image, border and hover overlays.
  • Progress Bar percentage number typography/DOM controller styling.
  • Contact Form 7 label margin now applies to the form labels.
  • "Unregistered dependency" PHP notice (jltma-prism) for the Source Code widget when the Pro license is inactive.
  • Nonce issue fixed.
  • Background, typography and text shadow styling now applies exactly where you choose instead of to the whole widget.
  • Importing a widget now opens it correctly, and the Widget Builder menu appears in the right place.

V 3.1.1

Improved

  • Updated @popperjs/core from 2.9.3 to 2.11.8. Removed the legacy option-based Widget Builder. Existing custom widgets are migrated automatically (data scrubbed and files regenerated; no widgets are deleted).

Security

  • Widget Builder no longer accepts or executes arbitrary PHP. PHP tags are stripped from all widget HTML/CSS/JS on save and during generation, so generated widget files contain only plugin-authored code. Dynamic values use {{placeholders}} that are escaped on output.
  • Removed the Widget Builder preview path that wrote user code to a temporary PHP file and included it. Previews now render statically with escaped mock values — no user PHP or JavaScript is executed.
  • Fixed an authenticated (author+) Stored XSS via the 'jtlma_custom_js' page setting / 'custom_js' element setting of the Custom JS extension (reported in versions up to 3.1.0). The extension is removed from the free plugin entirely (no render path remains); in Master Addons Pro the unfiltered_html capability is now enforced on save (the value is stripped for unprivileged users via the elementor/document/save filter) and at render (output gated by the post author's capability), not only during control registration.
  • Hardened the Custom CSS extension against tag-breakout XSS. The 'custom_css' element setting is now sanitized on save (via the elementor/document/save filter) and again on render before it is added to the stylesheet, stripping HTML/PHP tags (e.g. a "" breakout), expression(), @import and javascript:/behavior: — closing the same direct-AJAX save bypass.
  • Added a nonce check to the Content Restriction AJAX handler and a capability check to the popup shortcode and template plugin-status AJAX handlers.
  • Sanitized the Select2 REST nonce flow (fail-closed) and tightened its capability to edit_posts; sanitized the template-data request and template-kit theme-activation nonce.
  • The bundled Markdown library no longer hooks the_content/comment filters globally; the jltma_template shortcode now escapes its returned markup.

v3.1.0

Added

  • Popup Builder now rejects duplicate display conditions and shows an inline validation message.

Improved

  • Documented every external service the plugin contacts (Master Addons template API, Pixar Labs API, Google reCAPTCHA, Twitter/X, WhatsApp, Freemius) with terms and privacy links.
  • Removed the Template Kit "fix compatibility" routine that rewrote the active_plugins option.
  • Replaced deprecated openssl_free_key() and get_page_by_title() with version-safe equivalents.
  • Widget Builder preview now uses an included temporary file.
  • Replaced the PHP short tag in the Infobox widget and removed remote CDN dependencies (Font Awesome, ace-builds, placeholder images now load locally / from Elementor).
  • Replaced remote file_get_contents() calls with the WordPress HTTP API and moved generated Widget Builder files to the uploads directory.
  • Removed the front-end PHP session in the Popup Builder in favour of a cookie.
  • Standardised every gettext call on the "master-addons" text domain and added direct-file-access protection to entry-point files.
  • Theme Builder condition validation messages are shown as a centered, colour-coded alert.

Fixed

  • "Undefined array key" PHP warnings in the upgrade notice and Pro upgrade dashboard widget.
  • Renamed an asset file containing a space and removed hidden system files.

V 3.0.9

Added

  • Dynamic Table Addons table head show/hide option add.

Fixed

  • Dynamic Table mobile view warning issue fixed.

V 3.0.8

Added

  • Redesigned Template Kit upload flow with a single continuous modal — inline confirmation, stepped progress, per-template filename display, no popup-over-popup.
  • Faster Template Kit extraction using native ZipArchive with raised memory and execution time limits.
  • "IMPORTED" badge on Template Kit cards already present in the local library.
  • Shared promise-based confirmation and alert dialog system usable across Template Library, Widget Builder, Popup Builder, and Theme Builder.
  • ARIA attributes and keyboard accessibility (Enter / Space / Esc) to Nav Menu toggle and import modals.
  • Template Kits, Library & Popup Builder help tutorials links added.

Fixed

  • Nav Menu hamburger toggle not working on mobile devices.
  • Nav Menu offcanvas, popup, and default dropdown modes styling restored after Bootstrap dependency removal.
  • Pro plugin showing "Sorry, you are not allowed to access this page." when Master Addons Free is not installed - now shows a proper install-free notice.
  • Console errors across the Template Library after SweetAlert removal (delete kit, template import, plugin install/activate).
  • Template Kit card thumbnail click now opens the in-app kit details view instead of opening an external preview URL.

V 3.0.7

Added

  • Some missing help links add to options settings.

Fixed

  • Gallery Slider Thumbnails style issue fixed.

V 3.0.6

Fixed

  • Elementor Custom Icon Library not showing issue fixed.