Title: Plugin stores password as plaintext
Last modified: April 18, 2018

---

# Plugin stores password as plaintext

 *  Resolved [gordon77](https://wordpress.org/support/users/gordon77/)
 * (@gordon77)
 * [8 years ago](https://wordpress.org/support/topic/plugin-stores-password-as-plaintext/)
 * The plugin stores passwords as plaintext if one creates a password field where
   the meta key is not “user_password”.
 * You can find the password as plain text in your database. Check “usermeta” table
   with the meta key you set. The password is also send as plaintext in an email
   to the admin.
 * This is a security vulnerability. I wrote you an email about this. You did not
   change this in your new version.
 * I tested this vulnerability with version 2.0.6, 2.0.9 and 2.0.10. WordPress version
   is 4.9.5.
 * I highly recommend to deactivate the plugin until the “developers” remove this
   vulnerability.

Viewing 1 replies (of 1 total)

 *  Plugin Support [calumallison](https://wordpress.org/support/users/calumallison/)
 * (@calumallison)
 * [8 years ago](https://wordpress.org/support/topic/plugin-stores-password-as-plaintext/#post-10195730)
 * Hi,
 * We’re currently looking into this.
 * Thanks

Viewing 1 replies (of 1 total)

The topic ‘Plugin stores password as plaintext’ is closed to new replies.

 * ![](https://ps.w.org/ultimate-member/assets/icon-256x256.png?rev=3160947)
 * [Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin](https://wordpress.org/plugins/ultimate-member/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ultimate-member/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ultimate-member/)
 * [Active Topics](https://wordpress.org/support/plugin/ultimate-member/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ultimate-member/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ultimate-member/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [calumallison](https://wordpress.org/support/users/calumallison/)
 * Last activity: [8 years ago](https://wordpress.org/support/topic/plugin-stores-password-as-plaintext/#post-10195730)
 * Status: resolved