Opened 10 months ago
wp_insert_user allows a user to be created with empty passwords
|Reported by:||ancawonka||Owned by:|
While looking at the different files where user information is created, I noticed that there are some differences between wp_insert_user(programmatic creation of users) and edit_user (called from the admin).
wp_insert_user assumes that a user_pass parameter is included, which creates a user with no password.