Version 2.6.6 of Paid Memberships Pro is out with one security fix and a few other bug fixes.
Thank you to Erwan from WPScan for the responsible disclosure of the cross-site scripting issue.
The full list of updates is below.
- SECURITY: Updated escaping on the discount codes page in the dashboard to prevent XSS attacks. (Thanks, Erwan from WPScan)
- BUG FIX/ENHANCEMENT: Added code to remove duplicate active rows in the pmpro_memberships_users table after a level change. This could happen, for example, if users purchased a level via the WooCommerce Add On multiple times.
- BUG FIX/ENHANCEMENT: Improved the REST API endpoints to better support Zapier native requirements.
- BUG FIX: Fixed PHP notices in the name parser library.