Uncategorized

WP-Members Security 1.6.4 has been released. This version includes some code improvements as well as some bug fixes. The WP CLI commands were reviewed, debugged, revised, and improved.

This version is a security patch release for all previous versions. It patches a potential cross site scripting vulnerability that could be used by users with a contributor or higher role (so only when you have non-administrator users who have a role capability that allows them to create posts).

I’m not going to detail how it could be used, but this can only be exploited by a user who has a role allowing them to create posts. Additionally, the necessary parameters for exploiting it is in a feature that is not published in the documentation, so it is not anything obvious.

This version is a security patch release for all previous versions. It patches a potential cross site scripting vulnerability that could be used by users with a contributor or higher role.

I’m not going to detail how it could be used, but this can only be exploited by a user who has a role allowing them to create posts. Additionally, the necessary parameters for exploiting it is in a feature that is not published in the documentation, so it is not anything obvious.

WP-Members 3.5.3 has been released. This version is primarily a feature update release, but includes a couple of bug fixes and other updates as noted in these release notes.

While it is outside the scope of plugin support to get deep into the use of MySQL to handle the querying of user data, there are some basic concepts that can be presented to help you build the applications that you need to handle users. And the fact that WP-Members relies on the existing WordPress database schema means that you can find many related articles and tutorials on the web.