RocketGeek

Home of WP-Members, The Original WordPress Membership Plugin

Home » Release Announcements » WP-Members 3.4.9.2

WP-Members 3.4.9.2

· ·


Deprecated: Hook wpmem_inc_login_args is deprecated since version 3.3.0! Use wpmem_login_form_defaults instead. in /var/www/vhosts/rocketgeek.com/test.rocketgeek.com/wp/wp-includes/functions.php on line 6078

WP-Members 3.4.9.2 contains two patches that are included from the upcoming 3.5.0 release and two security patchs.

Security

  • Review shortcode object class for sanitizing all shortcode attributes and escaping all output: Due to a reported vulnerability in one of the plugin’s shortcodes, a complete security audit was performed on the entire shortcodes class in the plugin. The result of this review included making sure that every shortcode attribute is sanitized and that every shortcode output is escaped.
  • Review admin user profile class for sanitizing input and escaping output: Due to a reported vulnerability in one of the default data fields WP-Members collects during registration, a complete security audit was performed on where this data is collected and the admin user profile screen output. The result of this review included making sure that this data was sanitized on input and escaped on output.

It is recommended that all users update to version 3.4.9.2.

Patches

There were two 3.5.0 bug fix patches included in this update:

  • If memberships are enabled but no memberships are defined, that could cause an error when performing a user export. While it is simple enough to disable memberships if there are no defined memberships, the plugin was improved to check for this possibility before assembling export data, solving the problem even if the plugin is misconfigured.
  • If the plugin is set up for HTML email, the fields list in the admin notification is a single line because text line breaks are not the same as HTML line breaks. A patch is included to resolve this depending on the email format selected in the plugin’s options.

This article is only available to WP-Members Support Subscribers. If you have an existing subscription, please login below. If you do not have a current support subscription, you can purchase a support subscription here.

Already a Member? Log In Here
   
Forgot password? Click here to reset

To gain full access to WP-Members premium content, a current support subscription is required. You can purchase an annual support subscription for as little as $59, which provides you with access to priority support, a customer support forum, access to code snippets, and more.

Why wait? Choose your subscription option here.

[Why join?]

Ready to get started?

Join Today!