I’m using the “User Registration” add-on (v5.1). After a user has successfully activated their new account, an email is received which includes a link to reset the password. For example,
Username: test20230331ab
Use the password you set at registration to login.
https://foobar.example.com/wp-login.php
Forgot your password? Visit the following address to reset your password:
https://foobar.example.com/wp-login.php?action=rp&key=T2Wtt6GfEABCDEFGHIJK&login=test20230331ab
The link does not work, as it contains an invalid reset key. I think the problem is GF_User_Registration::modify_wp_new_user_notification_message(), which calls wp_generate_password() to generate the key. I believe it should be get_password_reset_key() instead.