WP OAuth Server 3.2.4 has been released.
This update is available to all valid license holders. Simply update WP OAuth Server in the plugin area as normal.
It is possible that a hacker could hijack the action wo_create_client and run malicious code. This was because the action was ran before the capabilities checks were run.
It is possible that a person that is logged in could remove clients by running code without the proper permissions.
All versions of WP OAuth Server below 3.2.4.
It is important to ensure that all users of WP OAuth Server know and understand that certain versions of WP OAuth Server contain exploits. As they are reported by others or found by our security team, they are patched privately. Once the security update is released, we publish a detailed overview of the exploits.