Development Changelog for Paid Memberships Pro Release Updates

Version 2.5.10 of Paid Memberships Pro is out with a handful of bug fixes.

Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 2.5.10 specifically here.

The full list of updates is below.

  • SECURITY: Fixed XSS vulnerability on the edit order page in the dashboard. (Thanks, Scott Kingsley Clark)
  • ENHANCEMENT: Improved escaping and localization for the message returned when clicking to apply discount code.
  • ENHANCEMENT: Now hiding gateway setting API keys behind asterisks.
  • BUG FIX/ENHANCEMENT: Now passing a CARDONFILE parameter with PayPal Payflow payment and subscription transactions.
  • BUG FIX/ENHANCEMENT: Using the wp.passwordStrength.userInputDisallowedList function from WP 4.5 if available.
  • BUG FIX: Fixed issue in getfile.php script where parameters in the URL would cause File not found errors.
  • BUG FIX: Fixed how the PayPal IPN handler handles cases where a subscription is set up correctly but the initial payment failed. We now correctly cancel these users and mark their order as error.
  • BUG FIX: Improved error handling in the PayPal Express integration, particularly when a subscriptions PROFILESTATUS is missing.
  • BUG FIX: User registered date is now shown in local time.
  • BUG FIX: Fixed issue where the deprecated pmpro_getClassForField function wasn’t returning a value properly. (Thanks, Elena Draculet)
  • BUG FIX: Updated the pmpro_sort_levels_by_order function to use level IDs for keys, since some code expects that for level arrays. This matches the behavior we had before introducing this function.
  • BUG FIX: Updated the pmpro_changeMembershipLevel function always set the order status to error if that was passed in as the “old level status”.
  • BUG FIX: Fixed warning in searches/pages when PMPro pages is not set.
  • BUG FIX: Fixed warnings being generated when using PHP 8 and Divi
  • BUG FIX: Fixed warnings related to PayPal Express session variables.