WordPress.org

Support

Support » Plugins and Hacks » Serious bug preventing password reset: user_activation_key is hashed as of WP3.7

Serious bug preventing password reset: user_activation_key is hashed as of WP3.7

  • See lines 338-356 of wp-login.php for the new way to create user_activation_key for password resets.

    I believe this affects the multisite signup/activation process as well.

    Until this bug is fixed some users may find it impossible to reset their passwords (I think if you send a password reset email via /wp-login.php and then try to send one via TML’s reset password page you can reproduce the bug and you’ll be sent the hash of a token in your email rather than the token itself).

    https://wordpress.org/plugins/theme-my-login/

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Serious bug preventing password reset: user_activation_key is hashed as of WP3.7’ is closed to new replies.