Version 2.5.1 of Paid Memberships Pro is out with a security fix and a handful of other enhancements and bug fixes. These bugs have the potential to hinder sales, so be sure to upgrade.
Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 2.5.1 specifically here.
Special thanks to Ron Masas from Checkmarx.com for finding and responsibly disclosing the security vulnerability.
Special thanks to karambk on GitHub for his first time contribution.
The full list of updates is below.
- SECURITY: Fixed XSS vulnerability on the Members List page of the dashboard. (Thanks, Ron Masas from Checkmarx.com)
- ENHANCEMENT: Add Ukrainian Hryvnia currency. (Thanks, Mirco Babini)
- ENHANCEMENT: Added a “non-members” option to the Beaver Build module.
- BUG FIX: Fixed issue where only USD and US were allowed with Stripe’s GooglePay/ApplePay buttons.
- BUG FIX: Fixed issue where some profile fields, e.g. those added with Register Helper, were accidentally updated or removed when accessing the frontend profile page.
- BUG FIX: Fixed issue with tracking discount code uses when using the 2Checkout (deprecated in v2.10+) gateway. (Thanks, karambk on GitHub)
- BUG FIX: No longer running excerpts through
wpautopwhen a more tag is used.