Security Issue: Password stored as plain text in DB | WordPress.org

Resolved mastram
(@mastram)

7 years, 3 months ago

I noticed that passwords are stored as plain text in the Word Press DB.

I have the root login and I could see the STMP passwords of all the users who have installed your plugin !!!!!

Potentially I can use their email to send SPAMs !!

I noticed that others have reported this issue, but you have not fixed it.
I can offer to fix this for you … but you must assure that you will update the official plugin wit this fix

Viewing 1 replies (of 1 total)

Callum Macdonald
(@chmac)

7 years, 1 month ago

This is a commonly asked and answered question. If you’re motivated please read the history. There is no simple solution. I wrote it up here:
https://www.callum-macdonald.com/code/wp-mail-smtp/#section_security

Bottom line, no, your changes will not get merged.

Viewing 1 replies (of 1 total)

The topic ‘Security Issue: Password stored as plain text in DB’ is closed to new replies.

In: Plugins
1 reply
2 participants
Last reply from: Callum Macdonald
Last activity: 7 years, 1 month ago
Status: resolved