Version 2.9.8 of Paid Memberships Pro is out with a handful of bug fixes and enhancements. This version also includes security updates that help to prevent denial of service attacks through malicious REST API queries.

Update July 12, 2023: It was original thought that the vulnerabilities found in our REST API code only allowed for denial of service attacks, however security researchers have recently demonstrated attacks that could use the same vulnerability to read arbitrary data from the WordPress database, including email addresses and password hashes, which could be used to gain further access to the compromised site. Because of this, we strongly recommend upgrading to the latest version of Paid Memberships Pro to keep your site as safe as possible.

Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 2.9.8 specifically here.

Development Changelog for Paid Memberships Pro Release Updates

The full list of updates in 2.9.8 is below:

  • SECURITY: Updated many queries to use $wpdb->prepare and esc_sql for better security. In almost all of these cases, the variables uses in the queries were escaped earlier or otherwise trusted, but it’s good practice to escape in the query anyway to be extra safe and avoid issues when code is updated in the future.
  • BUG FIX/ENHANCEMENT: Fixed some notices in the Gateway class.
  • BUG FIX/ENHANCEMENT: Fixed HTML in the nl_NL email templates.
  • BUG FIX/ENHANCEMENT: Added the !!membership_level_confirmation_message!! replacement variable to admin checkout emails.
  • BUG FIX/ENHANCEMENT: Fixed typo “could” in error message shown when an Add On cannot be installed.
  • ENHANCEMENT: Removed duplicate display_name definition in the PMPro Email class.
  • ENHANCEMENT: Fixed PMPRO_MIN_PHP_VERSION constant name in a few places.
  • ENHANCEMENT: Including the Akismet Integration and MailPoet Integration icons for use on the Memberships > Add Ons page in the WordPress admin.
Was this article helpful?