Hi everyone. This is a quick update on the OAuth 1.0a Server plugin, available on GitHub.
Versions of the OAuth plugin prior to this commit contain a security issue in the authorization flow, regarding signature and nonce checks. Due to the OAuth architecture, it is highly unlikely this can be used to compromise a site or client application; however, out of an abundance of caution, we recommend all users update to 0.2.1 immediately. (Pull the latest changes from master.)
Thanks to @bradyvercher for responsible disclosure of this issue via HackerOne.
WP REST API: OAuth Plugin Security Update by Ryan McCue was originally posted at https://make.wordpress.org/core/2015/12/15/wp-rest-api-oauth-plugin-security-update/