Version 2.6.6 of Paid Memberships Pro is out with one security fix and a few other bug fixes.
Thank you to Erwan from WPScan for the responsible disclosure of the cross-site scripting issue.
Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 2.6.6 specifically here.
The full list of updates is below.
- SECURITY: Updated escaping on the discount codes page in the dashboard to prevent XSS attacks. (Thanks, Erwan from WPScan)
- BUG FIX/ENHANCEMENT: Added code to remove duplicate active rows in the pmpro_memberships_users table after a level change. This might have happened, for example, if users were purchasing a level via the WooCommerce Add On multiple times.
- BUG FIX/ENHANCEMENT: Improved the REST API endpoints to better support Zapier native requirements.
- BUG FIX: Fixed PHP notices in the name parser library.