Paid Memberships Pro (with All Plus Addons) 3.7.3 NULLED

== Changelog ==
= 3.7.3 - 2026-05-14 =
* SECURITY: Added a nonce check to the Update Billing Information page to prevent CSRF, and tightened the gate so enforcement only skips on sites explicitly opted into a pre-3.7.3 custom billing template. The billing template version has been bumped to 3.7.3. #3671 (@dparker1005)
* SECURITY: Tightened the checkout page nonce enforcement gate so it only skips on sites explicitly opted into a pre-3.0 custom checkout template, closing a gap where sites with a pre-3.0 custom `checkout.php` in their theme could bypass nonce checks without opting in. #3674 (@dparker1005)
* ENHANCEMENT: Added new action hooks to the subscriptions panel of the Edit Member screen and the single subscription view. #3666 (@kimcoleman)
* ENHANCEMENT: Added nonce checks to read-only admin AJAX handlers (`pmpro_orders_print_view`, `pmpro_get_order_json`, `login_report_csv`, `sales_report_csv`, `membership_stats_csv`) for consistency with other admin AJAX endpoints. #3673 (@dparker1005)
* ENHANCEMENT: Added the new `pmpro_use_advisory_locks` filter as a system-wide escape hatch to disable MySQL advisory locking on hosts where persistent MySQL sessions or other environment quirks cause stuck locks. #3649 (@dparker1005)
* ENHANCEMENT: Replaced the vague "Stripe dashboard settings" wording with a direct link to the Stripe Radar rules page in the billing address field description. #3677 (@dparker1005)
* BUG FIX: Prevented concurrent Stripe webhook deliveries from racing on the same order by introducing a MySQL advisory lock around webhook processing. This fixes cases where "at least once" Stripe delivery from multiple infrastructure nodes could create duplicate membership rows or cancel a freshly-created subscription. #3649 (@dparker1005)
* BUG FIX: Fixed the Old Members CSV export to exclude users who currently have any active membership, matching the logic already used by the expired and cancelled filters. #3680 (@dwanjuki)
* BUG FIX: Fixed a PHP warning and a missing payment transaction ID when Stripe checkout sessions complete asynchronously (e.g. Bank Transfer), where the PaymentIntent has no `latest_charge` at completion time. #3655 (@dwanjuki)
* BUG FIX: Honored the configured currency decimals in `pmpro_get_price_info()`'s `amount_string` so zero-decimal currencies (JPY, KRW, VND, UAH, ALL) no longer produce strings like "25.00" that PayPal billing rejects. Also fixed `pmpro_get_currency()` so it actually honors the `$currency` parameter it advertises. #3676 (@dparker1005)
* BUG FIX: Allowed updating billing for subscriptions without a successful order on file, so manually-linked subscriptions in the admin no longer redirect users away from the billing page. #3667 (@dparker1005)
* BUG FIX: Fixed the Restricted Files protection self-test reporting "Unable to determine" on sites with no member uploads, by writing a non-dotfile marker (`pmpro-protection-test.txt`) alongside the existing `.htaccess`. #3675 (@dalemugford)

== Changelog ==
= 3.7.2 - 2026-05-01 =
* SECURITY: Tightened ownership check in the `/pmpro/v1/order` REST permission callback to bail early for anonymous requests, require a non-empty order ID, and use a strict integer comparison. #3643 (@flintfromthebasement)
* SECURITY: Scoped the `/pmpro/v1/quick_search` users meta lookups to custom profile fields by skipping internal WP/plugin meta keys. Added the `pmpro_rest_api_quick_search_meta_key_blocklist` filter so sites can extend the blocklist. #3644 (@flintfromthebasement)
* SECURITY: Fixed a non-functional capability guard in `PMPro_Field_Group::save_fields()` where a literal string comparison made the `current_user_can( 'edit_user' )` check unreachable. #3645 (@flintfromthebasement)
* ENHANCEMENT: Reworked the Email Settings and Security Settings admin pages to detect the active email sending method and security provider, surface that information in Site Health, recognize PMPro Max as a provider, and remove the legacy built-in SendWP integration. #3656 (@kimcoleman)
* ENHANCEMENT: Renamed the Builder and Plus Add Ons to Max throughout the admin and labeled all paid Add Ons under the new Premium license tier. #3650 (@dparker1005)
* ENHANCEMENT: Added the new PayPal Gateway Add On to the Payment Gateway settings page, surfacing it as "Enabled (via Add On)" when active as a secondary gateway. #3657 (@dparker1005)
* ENHANCEMENT: Added new filters for avatar upload location and render location to support multisite installations. #3648 (@kimcoleman)
* ENHANCEMENT: Updated the Design Settings page link to a direct URL so tracking parameters work without a redirect. #3625 (@kimwhite)
* ENHANCEMENT: Added/updated Add On icons including a new MailerLite icon for an upcoming Add On. #3627, #3652 (@kimcoleman)
* BUG FIX/ENHANCEMENT: Fixed three bugs that caused member CSV export downloads to return 403/404: deferred export record cleanup until after the file is served, extended download token TTL to 7 days and hardened the URL builder when no token is available, and prevented zero-record exports from creating a ghost "complete" state. Introduced the `pmpro_restricted_file_served` action and buffered handler output to avoid corrupting the response. #3637 (@dalemugford)
* BUG FIX: Fixed a deprecated `pmpro_changeMembershipLevel()` call when deleting a WP user. #3660 (@kimwhite)
* BUG FIX: Fixed deprecation notices in `pmpro_cleanPhone()` when the phone value is `null`. #3654 (@dwanjuki)
* BUG FIX: Fixed the All Levels member export producing duplicate rows and omitting members with higher user IDs in large exports. #3632 (@flintfromthebasement)
* BUG FIX: Fixed the `checkbox_grouped` field input not receiving the correct CSS selectors. #3646 (@kimcoleman)
* BUG FIX: Skipped content visibility controls for unsupported blocks in widget editors to prevent JS errors. #3653 (@dwanjuki)

== Changelog ==
= 3.7.1 - 2026-03-25 =
* BUG FIX: Fixed some admin pages not saving due to POST redirect in list table referer cleanup. #3624 (@kimcoleman)
* BUG FIX: Fixed PHP 8.1 deprecation warnings in restricted files functions on Windows servers with misconfigured upload directories. #3623 (@flintfromthebasement)
* DEPRECATED: Deprecated the PayPal Express gateway. PayPal is retiring the NVP/SOAP API that PayPal Express relies on. A new PayPal integration is coming soon. #3622 (@dparker1005)
* DEPRECATED: Renamed the Website Payments Pro gateway slug from `paypal` to `paypalwpp` to free the `paypal` slug for the upcoming PayPal REST API Add On. #3622 (@dparker1005)

== Changelog ==
= 3.6.5 - 2026-02-26 =
* SECURITY: Gated the unverified Stripe webhook event fallback behind a new `pmpro_stripe_webhook_allow_unverified_post_event` filter, which defaults to `false`. #3592 (@dparker1005)
* ENHANCEMENT: Updated links to the Member Directory and Podcasting Use Case landing pages and hubs. #3593 (@kimcoleman)
* ENHANCEMENT: Added a new `pmpro_memberships_widget_periods` filter to allow customizing the time periods shown in the Memberships Report widget. (@kimcoleman)
* ENHANCEMENT: Added a new icon for the PMPro Kit Add On. #3575 (@kimcoleman)
* ENHANCEMENT: Now clearing the object cache when user fields are created, updated, or deleted to ensure changes show immediately when using persistent object caching. #3565 (@dalemugford)
* ENHANCEMENT: Updated the WP Fusion Lite integration through v3.47.6. #3583 (@dparker1005)
* BUG FIX/ENHANCEMENT: Now ignoring PayPal error code 11556 when cancelling a subscription that is already inactive to avoid unnecessary admin notifications. #3572 (@dparker1005)
* BUG FIX: Fixed an issue where the field group description was not showing due to an incorrect variable reference. #3591 (@mircobabini)
* BUG FIX: Fixed an issue where failed Stripe recurring payment orders were missing card info and billing address data. #3590 (@dparker1005)
* BUG FIX: Fixed an issue where the membership level billing amount could be recalculated incorrectly when processing checkout via webhook, potentially losing discount code pricing. #3585 (@dparker1005)
* BUG FIX: Fixed an issue where the timestamp for new orders created in the admin could default to 1970 when the site timezone is not UTC. #3582 (@dparker1005)
* BUG FIX: Resolved PHP 8.5+ deprecation warnings for non-canonical cast names. #3560 (@dwanjuki)

== Changelog ==
= 3.6.4 - 2026-01-08 =
* ENHANCEMENT: Adding a new `!!order_url!!` email template variable to checkout email templates. #3555 (@kimcoleman)
* ENHANCEMENT: Now limiting failed payment emails to be sent a maximum of once daily per subscription. #3552 (@dparker1005)
* ENHANCEMENT: Now cleaning up library conflict records that are older than 7 days. #3554 (@dalemugford)
* BUG FIX/ENHANCEMENT: Discount codes now expire at the end of the date set as the "Expiration Date" instead of at the start of that date. #3559 (@dparker1005)
* BUG FIX/ENHANCEMENT: Now ignoring Stripe `charge.failed` webhook events for subscriptions that have already been cancelled in Stripe which could interfere with processing the subsequent `customer.subscription.deleted` webhook event. #3556 (@dparker1005)

== Changelog ==
= 3.6.3 - 2025-12-15 =
* SECURITY: No longer prepopulating the password field on the checkout page after a failed checkout attempt. #3551 (@dparker1005)
* BUG FIX/ENHANCEMENT: Updated membership actions to run more frequently to improve support for hourly memberships. #3547 (@andrewlimaza)
* BUG FIX/ENHANCEMENT: Improved the styling for nested `.pmpro_card` elements. #3539 (@kimcoleman)
* BUG FIX: Fixed the HTML structure when displaying image-type file fields to improve appearance. #3537 (@kimcoleman)
* BUG FIX: Corrected the links shown for the Stripe Tax setting. #3546 (@dwanjuki)

Changelog
3.6.2 - 2025-11-20

• ENHANCEMENT: Stripe subscriptions will no longer be created with an application fee or will have the fee immediately removed when the initial payment is complete. Application fees will then be added per-invoice during the `invoice.created` webhook to ensure that fees are only charged when PMPro is actively managing the subscription. #3535 (@dparker1005)
• ENHANCEMENT: Updated the Stripe webhook handler to remove application fees from existing subscriptions over time during the `invoice.upcoming` webhook event. This helps to ensure that websites that have stopped using Stripe Connect will not be charged the 2% application fee. #3535 (@dparker1005)
• ENHANCEMENT: Updated the PayPal IPN handler to use the `add_order_note()` method when adding the IPN ID to an order. #3534 (@dparker1005)
• BUG FIX: Restored fallback logic for pulling billing addresses from Stripe customer objects and previous PMPro orders when a Stripe recurring payment is received without a billing address set on the payment method. #3533 (@dparker1005)
• BUG FIX: Fixed an issue where correcting data in fields with validation errors did not clear the error border from the input. #3531 (@andrewlimaza)
• BUG FIX: Fixed an issue where the Edit Member sidebar may not show the correct user field panels after changing a user's membership level. #3532 (@dparker1005)

= 3.5.3 - 2025-07-25 =
* ENHANCEMENT: Added a new `!!renew_url!!` email template variable to expiration and cancellation email templates. #3448 (@kimcoleman)
* ENHANCEMENT: Extended the checkout spam protection setting to also protect the login form. #3450 (@ideadude)
* ENHANCEMENT: Added a `startdate` column to the Members List CSV export. #3443 (@dparker1005)
* ENHANCEMENT: Changed the name of the "Membership Recurring" email template to "Recurring Payment Reminder". #3451 (@kimwhite)
* ENHANCEMENT: Added an "Action Scheduler Health" section to the PMPro Site Health report. #3453 (@dalemugford)
* ENHANCEMENT: Now cleaning up PMPro Action Scheduler scheduled tasks when the plugin is deactivated or uninstalled. #3440 (@dalemugford)
* BUG FIX/ENHANCEMENT: Now avoiding cases where duplicate PMPro Action Scheduler scheduled tasks may be created. #3444 (@dalemugford)
* BUG FIX: Fixed an issue where the Admin Activity Email would not be sent. #3441 (@dalemugford)
* BUG FIX: Fixed an issue where "Recent Members" metabox may not show correctly on websites using custom database table prefixes. #3442 (@dparker1005)
* BUG FIX: Fixed an issue where an incorrect level name may be sent in renewal emails when level for the associated subscription had changed. #3449 (@dparker1005)
* BUG FIX: Fixed an issue where sorting columns on the Subscriptions List Table would not work when a search term was set. #3447 (@dparker1005)
* BUG FIX: Fixed a rare plugin conflict that could prevent Elementor data from completing the migration included in PMPro v3.5. #3445 (@dparker1005)
* BUG FIX: Fixed an issue where Wisdom data would only ever be sent on the first day of each month. #3446 (@dparker1005)

= 3.5.2 - 2025-07-14 =
* BUG FIX: Fixed an issue where members may receive multiple recurring payment reminder emails for the same payment. #3437 (@mircobabini)
* BUG FIX: Fixed an issue where gateway settings may not show for some gateways. #3436 (@dparker1005)
* BUG FIX: Fixed an issue where "Recent Members" metabox may not show correctly on websites using custom database table prefixes. #3434 (@jeiseman)
* BUG FIX: Fixed a PHP error that would occur when the `post__not_in` parameter of `WP_Query` is not an array. #3438 (@dparker1005)
* BUG FIX: Added back a missing argument for the deprecated `pmpro_email_template` filter. #3432 (@dparker1005)