Bad password reset key from User Registration

I’m using the “User Registration” add-on (v5.1). After a user has successfully activated their new account, an email is received which includes a link to reset the password. For example,

Username: test20230331ab

Use the password you set at registration to login.

https://foobar.example.com/wp-login.php

Forgot your password? Visit the following address to reset your password:

https://foobar.example.com/wp-login.php?action=rp&key=T2Wtt6GfEABCDEFGHIJK&login=test20230331ab

The link does not work, as it contains an invalid reset key. I think the problem is GF_User_Registration::modify_wp_new_user_notification_message(), which calls wp_generate_password() to generate the key. I believe it should be get_password_reset_key() instead.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.