Uncategorized

WP-Members 3.5.4.1

Chad Butler · Jun 22, 2025 ·

This version is a security patch release for all previous versions. It patches a potential cross site scripting vulnerability that could be used by users with a contributor or higher role.

I’m not going to detail how it could be used, but this can only be exploited by a user who has a role allowing them to create posts. Additionally, the necessary parameters for exploiting it is in a feature that is not published in the documentation, so it is not anything obvious.

WP-Members 3.5.3

Chad Butler · May 14, 2025 ·

WP-Members 3.5.3 has been released. This version is primarily a feature update release, but includes a couple of bug fixes and other updates as noted in these release notes.

Continue Reading →

Using the database to query user data

Chad Butler · Sep 1, 2024 ·

While it is outside the scope of plugin support to get deep into the use of MySQL to handle the querying of user data, there are some basic concepts that can be presented to help you build the applications that you need to handle users. And the fact that WP-Members relies on the existing WordPress database schema means that you can find many related articles and tutorials on the web.

Continue Reading →

Wordfence announces critical vulnerability in Litespeed Cache

Chad Butler · Aug 21, 2024 ·

This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..

Recently, the Wordfence Threat Intelligence team announce a critical vulnerability in the Litespeed Cache plugin. This is a privilege escalation vulnerability, which means that an attacker who gains access as a low level user can exploit the vulnerability to gain admin rights on an affected site.

I am pointing this out because I know a lot of WP-Members’ users also utilize cache plugins, which can include Litespeed Cache. If you’re one of those users, please make sure that you update your version of Litespeed cache to a version higher than 6.3.0.1 as all other versions are vulnerable.

You can read more about this reported vulnerability here:

Over 5,000,000 Site Owners Affected by Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin (wordfence.com)

WP-Members PayPal Subscriptions 0.9.9

Chad Butler · May 31, 2024 ·

The WP-Members PayPal Subscriptions extension version 0.9.9 has been released. This update contains some important changes from the previous production version. All users should update.

Continue Reading →