Users identified the AIOS issue almost two weeks ago. Many began to complain about the problem on the plugin’s forums. In brief, the issue allowed any user with admin rights to access the login credentials of all other administrator users. Understandably, this has led to outrage among the AIOS community.
AIOS claims that the password-logging problem was the result of a bug. In response, the development team released an update, version 5.2.0, to address the issue and remove all logged passwords from their database. Although this change seems to have rectified the core problem, AIOS aren’t out of the woods yet. Many users report that version 5.2.0 is causing their websites to break. In addition, WordPress statistics show us that hundreds of thousands of users are still using the vulnerable, outdated version of the plugin. Evidently, AIOS still has a long way to go to fully rectify their mistake.
The biggest question mark surrounding this whole situation is why AIOS is yet to step forward and recommend that all users change their passwords, especially if they utilize the same password for multiple sites. All in all, this is a worrying time for AIOS. Whether their reputation will recover from this event remains to be seen.