Screenshot WOW SAVE 20% on the All Access Bundle. Use "OAUTH20OFF" at checkout.
GET DEAL
News & Updates

3.2.4 Security Update

If you have any questions please contact our
Support Team.
3.2.4 Security Update

3.2.4 Security Update

WP OAuth Server 3.2.4 has been released.

This update is available to all valid license holders. Simply update WP OAuth Server in the plugin area as normal.

Security Issues Patched

wo_create_client

It is possible that a hacker could hijack the action wo_create_client and run malicious code. This was because the action was ran before the capabilities checks were run.

wo_ajax_remove_client

It is possible that a person that is logged in could remove clients by running code without the proper permissions.

Which Versions are Vulnerable?

All versions of WP OAuth Server below 3.2.4.

Why security vulnerabilities are Publicly exposed.

It is important to ensure that all users of WP OAuth Server know and understand that certain versions of WP OAuth Server contain exploits. As they are reported by others or found by our security team, they are patched privately. Once the security update is released, we publish a detailed overview of the exploits.

Other Fixes

  • Added ssl_verify parameter to wp_remote_get() during license check
  • Server now return 503 header when server is unavailable.

Published: April 26, 2016

Stay right up to date

Get great content to your inbox every week. No spam.
Only great content, we don’t share your email with third parties.
Icon