From latesthackingnews.com
The WordPress security plugin All-in-One Security (AIOS) silently logged users’ sign-in activity and passwords in plaintext. The plugin team fixed the flaw after the matter was publicly disclosed. Now that the patch is available, WordPress admins must update their websites immediately to prevent potential threats.

AIOS WordPress Plugin Stored Plaintext Passwords

Reportedly, the developer team behind the AIOS WordPress plugin has released a significant update addressing a severe security flaw. According to their advisory, the vulnerability caused users’ passwords to be logged in plaintext in the WordPress database. The flaw put the security of WordPress websites at severe risk if the admins reused the same passwords on other services’ accounts without two-factor authentication.

AIOS – All-in-One Security – is a dedicated WordPress security plugin that protects websites from common cybersecurity threats. Its features include copywriting protection, iFrame prevention to limit content theft, comment spam filtering, and a web application firewall. While the plugin is very useful for websites, the blatant logging of passwords in plaintext seemingly defeated the entire purpose of the plugin.