1. Some files that were uploaded and ended up in wau-uploads folder are not accessible from order page download link, it shows “Unauthorized Access”. Issue is happening in your wau_secure_file_download() and If the nonce is missing or invalid, it immediately calls wp_die(), blocking access.
2. PDF and some other files are still getting uploaded to the regular WordPress upload 2025 folder. Why? If you are making an upgrade why you left behind certain file formats. $allowed_types = apply_filters( ‘wau_allowed_file_types’, array( ‘jpg’, ‘jpeg’, ‘png’, ‘gif’, ‘webp’ ) );

Please fix or revert back to the same old regular upload to WP Upload folder. Fix this asap because half of our files are sitting in WP Upload and the new ones that are not accessible are going in WAU folder. Update asap.

I’m facing an issue with syncing users between two websites. The synchronization process works flawlessly from Site A to Site B. However, when I attempt to log in from Site B to Site A, I encounter the following error:

“The remote website encountered the following error: Unauthorized access (invalid remote IP address)”

While all incoming and outgoing actions function correctly on Site A, the same actions on Site B result in the mentioned error. I’m seeking advice on a workaround for this issue.

I have two sites that need their users synced. The sync works perfectly from Site A -> Site B, but, when I test login from Site B -> Site A, it throws the following error :

The remote website encountered the following error: Unauthorized access (invalid remote IP address)

All the incoming and outgoing actions work perfectly fine on Site A, but, all the incoming and outgoing actions throw the above mentioned error on Site B.

Please suggest any workaround for this issue.

The Link Whisper Free plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init() function called via admin_init in versions up to, and including, 0.6.3. This makes it possible for unauthenticated attackers to export post data.

I hope this is an easy fix,

Janek

The issue we are having is when someone tries to place an order, and puts, 5 meals in their cart, and hits proceed, a message comes up saying unauthorized access. 

I get no errors, nothing. It seems to work fine for a few days, then blocks everyone out that is either logged in or our new. 

Any ideas where to start?

Thank you!

We have 4 sites deployed with WP Remote Users Sync.
Weirdly enough we have the following problem on 3 different locations.
Test login on new.kiwanis. eu to messaging.kiwanis.eu and both test to/from work.
Test login on messaging.kiwanis. eu to new.kiwanis.eu and both test to/from FAIL with “Unauthorized access (invalid token)”.
Question is why it works on one server but not on the other.
Settings are identical on the 4 sites.
Same issue between academy.kiwanis.eu (fails) and new.kiwanis.eu (works) and between kap.kiwanis.eu (fails) and new.kiwanis.eu (works).

Any idea what could be wrong?

Thanks,

Jan

This issue has been resolved.

Although, I am only the administrator of my website.

Could you please check. I have checked with disabling all the plugins and activated the default WordPress theme.

WordPress version is: 5.4.2 on PHP7.x

I hope everyone is well.

I worked on a few sites and somehow, new admin accounts are being created constantly. The email addresses are completely random, so I’m sure that it is spam attempts. The default role of a new user is set to be a subscriber in the settings, but all these new accounts are admin accounts when created. I have gone ahead and removed the wp-signup page (I just renamed it to wp-signup.php.bak) to make it inaccessible, but the new accounts are still being created.

No changes have been made to the website from these accounts, but I have no idea what more to do to prevent this. I am sure that my admin account isn’t compromised as I have changed the username and password, yet it is still happening.

Does anyone maybe have a suggestion on what else I can do?