Recently, a plugin utilized by over a million WordPress site owners was discovered to have a bug in a prior release that logged passwords in plaintext. While the problem has since been fixed in an update, credentials may still be floating around in logs, so be sure to take a look.

The All-In-One Security (AIOS) plugin for WordPress includes

Source: Hot Hardware – Facepalm: A WordPress Security Plugin With 1M Installs Saved Passwords In Plaintext