User Role Editor Pro version 4.24.5 was published at April 2nd, 2016. It’s the security update to fix critical vulnerability. Versions affected (free and Pro) 4.24.4 and earlier. This exploit allowed to any registered user to raise his permissions up to administrator level.
It’s strongly recommended to update your copy of User Role Editor Pro to the latest version.

Changes List

Core version: 4.25

• Important security update: Any registered user could get an administrator access. Thanks to John Muncaster for discovering and wisely reporting this vulnerability.
• URE pages title tag was replaced from h2 to h1, for compatibility with other WordPress pages.

User Role Editor Pro version 4.24.4 was published at April, 1st, 2016. This bug fix release contains next changes:

Changes List

• Fix: Content view restrictions module: Access error message was not shown with setting to show it. Post or page was excluded from the list of available content instead.
• Fix: Admin menu access module:
  – ‘user-edit.php’ link was blocked by error with ‘block not selected’ model, which did not allow to edit a selected user.
  – admin menu copy is linked to the action with priority 1000 now, to be executed after Jetpack, which uses priority 998 for some reason.

User Role Editor Pro version 4.24.3 was published at March 23rd, 2016.

Changes List

Core version: 4.24.1

• Fix: PHP Notice: Undefined index: … in wp-content\plugins\user-role-editor-pro\includes\pro\classes\admin-menu-access.php on line 69
  Warning: Invalid argument supplied for foreach() in wp-content/plugins/user-role-editor-pro/includes/pro/classes/admin-menu-access.php on line 86
• Update: Admin menu access module – conditions were optimized when backend admin menu copy is created.

Version 4.24 contained critical bug in the ‘Posts View Access’ module which raised PHP fatal error. Quick fix release 4.24.1 did not address all problems of a new added and updated code. Code was refactored and tested thoroughly. Bug fix release 4.24.2 was published today as the result of 2 days hard work on the deep testing for almost all possible use cases. I hope that the most of possible bugs were caught for today.

It becomes more complex to maintain User Role Editor bugs free with code base permanent grow. We use the PHPUnit testing suite for User Role Editor, but it did not cover the 100% of User Role Editor functionality yet. It will be one of our main purposes for the nearest months to reach those 100%, of course with a new functionality development together.