The All-In-One Security (AIOS) WordPress security plugin was found to log plaintext passwords from user login attempts to the site’s database, putting account security at risk.
Roughly three weeks ago, a user reported that the AIOS v5.1.9 plugin was not only recording user login attempts to the aiowps_audit_log database table, used to track logins, logouts, and failed login events, but also recording the inputted password.
The issue was quickly fixed by Updraft, and an updated version of the plugin was released. However, the incident has raised concerns about the security of WordPress sites that use AIOS.
