Development Changelog for Paid Memberships Pro Release Updates

Version 2.4.3 of Paid Memberships Pro is out with a security fix and a fix for the bundled Vietnamese language files.

Thank you to the WordPress.org plugin review team who discovered a cross-site scripting vulnerability. Full details can be found in the change log below.

Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 2.4.3 specifically here.

The full list of updates is below.

  • SECURITY: Fixed a cross-site scripting vulnerability in the code that updates the Required Membership settings on a post. This vulnerability could have been used in conjunction with other security vulnerabilities to trick an admin into editing the membership settings for a page, potentially exposing members only content to non-members. It is unlikely that there was any active exploitation of this vulnerability. This issue may also have shown up as a bug on some sites using page builders, where the membership settings for a post would be cleared out when editing a post. (Thanks to the wp.org plugin review team for catching this issue.)
  • SECURITY: Better escaping of variables shown in the Require Membership meta box and related SQL queries.
  • BUG FIX/ENHANCEMENT: Renamed the Vietnamese language files to match what is expected.
Jason Coleman

Author: Jason Coleman

Jason is co-founder of Paid Memberships Pro, the 100% open source membership plugin for WordPress. He has been pushing WordPress to its limits for many years and is an advocate for using WordPress as an application framework to build web sites and apps that go above and beyond the typical blog or CMS site.

Was this article helpful?
YesNo