WP-Members 3.5.6 has been released with a security fix, a bug fix, and an improvement in the upgrade process.
Security fix
This version patches a potential vulnerability in the [wpmem_user_membership_posts] shortcode. The vulnerability is limited to authenticated users who have the ability to edit posts. The patch limits the “order” and “order_by” attributes of the shortcode to the following:
“order” limited to:
- ASC (default if omitted)
- DESC
“order_by” limited to:
- ID (default if omitted)
- title
- date
- name
- modified
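The allowlisting described above, sketched in plain PHP as an added example (not WP-Members' own code): any value outside the two lists falls back to the documented default. The function names and the case-insensitive matching are assumptions of this example.

```php
<?php
// Added illustration, not WP-Members source. Allowed values and defaults are
// the ones listed in the 3.5.6 release note; function names are hypothetical.
const ALLOWED_ORDER    = ['ASC', 'DESC'];                             // default: ASC
const ALLOWED_ORDER_BY = ['ID', 'title', 'date', 'name', 'modified']; // default: ID

/**
 * Return the canonical allowlisted spelling of $value, or $default when the
 * value is missing, not a string, or not on the list. Case-insensitive
 * matching is an assumption of this example.
 */
function pick_allowed($value, array $allowed, string $default): string
{
    if (!is_string($value)) {
        return $default;
    }
    $needle = strtolower(trim($value));
    foreach ($allowed as $candidate) {
        if ($needle === strtolower($candidate)) {
            return $candidate; // emit our own constant, never the caller's string
        }
    }
    return $default;
}

/** Normalize the two sort attributes of a shortcode attribute array. */
function normalize_sort_atts(array $atts): array
{
    return [
        'order'    => pick_allowed($atts['order'] ?? null, ALLOWED_ORDER, 'ASC'),
        'order_by' => pick_allowed($atts['order_by'] ?? null, ALLOWED_ORDER_BY, 'ID'),
    ];
}

// Constructed sample attribute sets, as an editor might type them.
$samples = [
    [],                                            // both omitted
    ['order' => 'desc', 'order_by' => 'Title'],    // valid, odd casing
    ['order' => 'DESC', 'order_by' => 'author'],   // not on the list
    ['order' => ['ASC'], 'order_by' => 'date '],   // wrong type, stray space
];
foreach ($samples as $atts) {
    $clean = normalize_sort_atts($atts);
    echo json_encode($atts), ' => ', $clean['order_by'], ' ', $clean['order'], PHP_EOL;
}
```

Returning the list's own constant rather than the submitted string means nothing the editor typed is ever passed on to the query layer.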
Bug fix
This version patches a bug in the validation of memberships when checking expiration memberships that require a specific role. A patch for this bug was included in a minor release earlier, but is now officially included in 3.5.6.
Improvement
This version improves the processing of file moves when upgrading to the new file system structure. It will equalize http/https values in cases where the site moved from http to https but the associated file GUIDs were not evaluated and updated. This will improve file moves so that files are not missed due to a legacy insecure value.