Version 2.5.10 of Paid Memberships Pro is out with a handful of bug fixes.
Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 2.5.10 specifically here.
The full list of updates is below.
- SECURITY: Fixed XSS vulnerability on the edit order page in the dashboard. (Thanks, Scott Kingsley Clark)
- ENHANCEMENT: Improved escaping and localization for the message returned when clicking to apply discount code.
- ENHANCEMENT: Now hiding gateway setting API keys behind asterisks.
- BUG FIX/ENHANCEMENT: Now passing a
CARDONFILEparameter with PayPal Payflow payment and subscription transactions. - BUG FIX/ENHANCEMENT: Using the
wp.passwordStrength.userInputDisallowedListfunction from WP 4.5 if available. - BUG FIX: Fixed issue in
getfile.phpscript where parameters in the URL would cause File not found errors. - BUG FIX: Fixed how the PayPal IPN handler handles cases where a subscription is set up correctly but the initial payment failed. We now correctly cancel these users and mark their order as error.
- BUG FIX: Improved error handling in the PayPal Express integration, particularly when a subscriptions
PROFILESTATUSis missing. - BUG FIX: User registered date is now shown in local time.
- BUG FIX: Fixed issue where the deprecated
pmpro_getClassForFieldfunction wasn’t returning a value properly. (Thanks, Elena Draculet) - BUG FIX: Updated the
pmpro_sort_levels_by_orderfunction to use level IDs for keys, since some code expects that for level arrays. This matches the behavior we had before introducing this function. - BUG FIX: Updated the
pmpro_changeMembershipLevelfunction always set the order status to error if that was passed in as the “old level status”. - BUG FIX: Fixed warning in searches/pages when PMPro pages is not set.
- BUG FIX: Fixed warnings being generated when using PHP 8 and Divi
- BUG FIX: Fixed warnings related to PayPal Express session variables.
