Support » Plugin: WP Mail SMTP by WPForms - The Most Popular SMTP and Email Log Plugin » Works great, but has security compromise

  • Hi.
    The plugin works as expected.
    But i must comment that it has an important security compromise. It stores the password in plain text, so anyone gaining access to the BBDD could also access to the email server (!).

    I hope there will be an update encrypting the password stored.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter pezflash

    (@pezflash)

    I need to add another important notice here, as some topics related with this security thread are being closed in the support section.

    I finally moved to another plugin that doesn’t have this security hole. My surprise came when i removed WP-Mail-SMTP completely from my WP, and i realised later that the entries (including of course the plain-text password) in the DDBB were still there! (?!)

    So this is both ad important advice for others users and also a recommendation to update this plugin with the encryption issue and the addon of the plugin removing its own entries on the database on deletion.

    hi pezflash, which one do you use now?

    Thread Starter pezflash

    (@pezflash)

    Postman SMTP

    Moderator Yui

    (@fierevere)

    永子

    Its not possible to encrypt password, to use it as clear-text later.
    Can only scramble them, but its easy to decrypt if you know what to look for (scrambling algo)

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Works great, but has security compromise’ is closed to new replies.