New Version Security Issues
-
With the latest 1.7.2 version. You have changed the folder where the uploaded files will be stored to wau-uploads. There are 2 main issues that arised:
- Some files that were uploaded and ended up in wau-uploads folder are not accessible from order page download link, it shows “Unauthorized Access”. Issue is happening in your wau_secure_file_download() and If the nonce is missing or invalid, it immediately calls
wp_die(), blocking access. - PDF and some other files are still getting uploaded to the regular WordPress upload 2025 folder. Why? If you are making an upgrade why you left behind certain file formats. $allowed_types = apply_filters( ‘wau_allowed_file_types’, array( ‘jpg’, ‘jpeg’, ‘png’, ‘gif’, ‘webp’ ) );
Please fix or revert back to the same old regular upload to WP Upload folder. Fix this asap because half of our files are sitting in WP Upload and the new ones that are not accessible are going in WAU folder. Update asap.
- Some files that were uploaded and ended up in wau-uploads folder are not accessible from order page download link, it shows “Unauthorized Access”. Issue is happening in your wau_secure_file_download() and If the nonce is missing or invalid, it immediately calls
-
@dhruvin No. I did not enable any other files. The plugin always had pdf, jpeg and other files type enabled. All use to be saved in regular WP Upload folder. With the new security pdf gets saved in WP Upload whereas jpeg are getting saved in WAU-Upload folder – that is not accessible, meaning the file when clicked on the order page says “Unauthorized Access”. Also before under order page, it use to provide you complete link to download these files such as wp-content/uploads/2025/01/newfile.jpg now it only says newfile.jpg with a link.
The topic ‘New Version Security Issues’ is closed to new replies.
