On March 3, 2024 at 07:19

Responded to @janboddez:

@janboddez There are a few individuals and companies who are batch-submitting “vulnerability reports” that rely on DB read access. Plugins storing any kind of secrets in WP options are all targeted.

I do understand the benefits of encrypting those secrets but that would require asking site owners to update wp-config.php which is the only “safe” place to store secrets in WP. Imagine each plugin asking for its own constant…