[wp-trac] [WordPress Trac] #63573: wp_signups.activation_key stored in cleartext – inconsistent with wp_users.user_activation_key
WordPress Trac
noreply at wordpress.org
Fri Jun 20 06:30:43 UTC 2025
#63573: wp_signups.activation_key stored in cleartext – inconsistent with
wp_users.user_activation_key
--------------------------+------------------------------
Reporter: misoksimin | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by yashjawale):
Welcome to trac @misoksimin & thanks for submitting the ticket 🙌
I can confirm that `activation_key` in `wp_signups` is saved in cleartext
format, contrary to them being stored as hashes in `wp_users` table. As
visible in the attachments above.
I'll be happy to work on a patch that fixes this so when core committers
see this issue a solution is already underway...
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63573#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list