Version 2.5.5 of Paid Memberships Pro is out with a handful of enhancements and bug fixes, including two security related updates. First, we have improved sanitization of parameters for some of our endpoints in the REST API. We are also now requiring reCAPTCHA even for logged in users when that feature is enabled for your checkout.

Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 2.5.5 specifically here.
The full list of updates is below.
- SECURITY: Better sanitization of parameters on some REST API endpoints.
- SECURITY: Now showing reCAPTCHA field at checkout even for logged in users.
- ENHANCEMENT: Added
find_billing_address()
method to theMemberOrder
class. This will look for the address on the last order with the same sub id or in user meta. - ENHANCEMENT: Better styling for invoices shown on the frontend.
- ENHANCEMENT: No longer forcing column width % in the members list table.
- ENHANCEMENT: Added a
pmpro_doing_webhook
action that is fired at the beginning of our webhook/IPN handlers. - ENHANCEMENT: Added a
pmpro_membership_level_after_billing_details_settings
hook to the edit membership level page. This hook should now be used to add billing related settings. - BUG FIX/ENHANCEMENT: Allowing order total to be set to 0, even if there is a subtotal and tax amount.
- BUG FIX/ENHANCEMENT: Stripe checkout fields will now use the language set in the Stripe settings.
- BUG FIX/ENHANCEMENT: The URL check in our notifications code now accepts arrays (e.g. to see if a URL has one of a group of top level domains). This fixes a warning some may have seen in error logs.
- BUG FIX: Fixed issues where totals on PayPal recurring payments were sometimes incorrect if both an
mt_gross
and amount field were passed via IPN.