Version 2.0.7 of Paid Memberships Pro is out with a handful of bug fixes and minor enhancements. These bugs have the potential to hinder sales, so be sure to upgrade.
We pushed out a security update in version 2.0.6. We are now using the wp_safe_redirect function when handling the redirect_to URL parameter on the login page. This prevents the login page from redirecting to unapproved hosts, i.e. other websites. More information on the wp_safe_redirect function and why using it is important can be found in the WordPress developer reference here. Thank you PluginVulnerabilities.com for bringing this issue to our attention.
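The difference between an unvalidated redirect and one that goes through wp_safe_redirect, as an added illustration (this is not Paid Memberships Pro code). It assumes a loaded WordPress environment; the example_* function names and the host members.example.com are hypothetical.

```php
<?php
/**
 * Added illustration, not Paid Memberships Pro code. Assumes a loaded
 * WordPress environment; every example_* name and members.example.com
 * are hypothetical.
 */

// Generic unvalidated pattern: wp_redirect() sends the browser to any host
// named in redirect_to, so a crafted login link can land on another site.
function example_redirect_unvalidated() {
	if ( ! empty( $_REQUEST['redirect_to'] ) ) {
		wp_redirect( esc_url_raw( wp_unslash( $_REQUEST['redirect_to'] ) ) );
		exit;
	}
}

// Hardened pattern: only hosts on the allowed list are followed.
function example_redirect_validated() {
	if ( empty( $_REQUEST['redirect_to'] ) ) {
		return;
	}
	$requested = esc_url_raw( wp_unslash( $_REQUEST['redirect_to'] ) );

	// wp_validate_redirect() returns the fallback (here the home page) when
	// the host is not allowed, instead of wp_safe_redirect()'s default
	// fallback of the admin URL.
	$target = wp_validate_redirect( $requested, home_url( '/' ) );

	// wp_safe_redirect() repeats the host check before sending the header.
	wp_safe_redirect( $target );
	exit;
}

// The site's own host is allowed by default. Any other host that
// should be a valid destination has to be added explicitly.
function example_allowed_redirect_hosts( $hosts ) {
	$hosts[] = 'members.example.com'; // constructed sample host
	return $hosts;
}
add_filter( 'allowed_redirect_hosts', 'example_allowed_redirect_hosts' );
```

Relative URLs pass validation because they stay on the site's own host.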
Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here, version 2.0.6 specifically here, or version 2.0.7 specifically here.
The full list of updates is below.
= 2.0.7 – 2019-05-30 =
- BUG FIX: Fixed issue where the profile start date would sometimes be set incorrectly on the Stripe subscription.
- BUG FIX: Fixed issue where the membership shortcode would not work properly if more than one level name was given.
- BUG FIX: Fixed issue where an incorrect email address was sometimes set in the confirm email field on the update billing page. (Thanks, Jessica Thomas)
- BUG FIX/ENHANCEMENT: Fixed placement of the hr tag above the user fields at checkout for consistency.
- ENHANCEMENT: Set the priority on the Require Membership meta box to “high” so it appears higher in the right sidebar.
= 2.0.6 – 2019-05-30 =
- SECURITY: Now using wp_safe_redirect when possible, especially in includes/login.php where the user-provided redirect_to URL parameter is used. (Thanks PluginVulnerabilities.com)