2.0.0 - Jun 5, 2026

• New - Merged every feature from the former Multi-Form Anti-Spam Image CAPTCHA Pro add-on into the free plugin: Gravity Forms field, Elementor Pro Forms validation, WooCommerce login/registration/checkout, WordPress login/registration/lost-password/reset, native WordPress comments, audio accessibility, 780+ bundled SVG icons, full styling controls, custom-icon picker, reverse honeypot, submission speed check, AJAX lazy loading and JSON settings export/import.
• New - Added a per-render tamper token that blocks stripped or modified CAPTCHA fields.
• New - Added the pbmfasic_skip_wp_login_option, pbmfasic_skip_validation and pbmfasic_force_synchronous_render developer filters.
• Enhancement - Standardized every plugin option under the pbmfasic_ prefix and removed the global pre_option_* filter shim used by the legacy Pro plugin.
• Enhancement - Rebuilt the settings page with a dedicated Styling tab and a grouped General tab (Form Integrations, Spam Protection, Loading and Difficulty, Icon Set, Custom Messages, Credit Link) alongside Installation Instructions and Tools.
• Enhancement - Replaced the "---" placeholder rows on the Styling dropdowns with real defaults (Display Style: Full width, Icon Alignment: Left, Icon Border: Show, Border Style: Solid, Text Align: Left, Icon Title Style: Normal, Text Location: Above icons).
• Enhancement - Selected captcha icons now get a visible default border highlight (WP-admin blue) so clicks register without first configuring the color pickers.
• Enhancement - Submission Speed Check threshold defaults to 2000 ms; enabling the check no longer silently passes every submission when the value was never saved.
• Enhancement - Replaced the inverted "Disable Honeypot" toggle with a positive-sense "Enable honeypot fields (recommended)" checkbox.
• Enhancement - Comment-form CAPTCHA failures now render WordPress's standard "Comment Submission Failure" page (with native Back-button recovery) instead of a custom error screen.
• Enhancement - Hardened output escaping, input sanitization, nonce verification and $wpdb prepared statements across the codebase.
• Enhancement - Made the "Powered by" footer link opt-in and disabled by default.
• Fix - Audio AJAX endpoint URL now includes the missing = after t, so the per-radio audio file loads correctly in every browser.
• Fix - Gravity Forms editor shows a CAPTCHA placeholder instead of attempting to render the live challenge inside the form builder.
• Fix - Contact Form 7 validation errors are now anchored to the CAPTCHA field instead of falling back to the generic "One or more fields have an error" tip.
• Security - Capped the audio AJAX endpoint to one response per captcha key so bots cannot enumerate which radio is correct by comparing response sizes between probes.
• Security - Public [pbmfasic-svg] shortcode now sanitizes inline SVG output with wp_kses() for every caller, not just the captcha renderer.
• Security - Wrapped the translatable "Select the %s to verify." prompt in wp_kses_post() so a hostile translation cannot inject HTML or JavaScript.
• Security - Validator::sanitize_post_value() rejects array values so a pbmfasic_captcha[]=foo payload no longer feeds sanitize_text_field() an array.
• i18n - Display name updated to "Multi-Form Anti-Spam Image CAPTCHA". Plugin slug, text domain and stored option keys are unchanged.

1.0.2 - Mar 5, 2026

• Fix - Contact Form 7 validation errors now correctly highlight the CAPTCHA field instead of displaying generically.
• Fix - Multiple CAPTCHAs on the same page now work independently with correct screen-reader associations.
• Enhancement - Improved compatibility with form plugin stylesheets for icon radio-button display.

1.0.1 - Dec 11, 2025

• Enhancement - Rebranded plugin to MultiForm Anti-Spam Image CAPTCHA.
• Fix - Corrected database table prefixes preventing validation on some installs.

1.0.0 - Dec 3, 2025

• New - Initial release.