Replies: 0
Was debugging an issue with the plugin earlier and realized that, even though I wasn’t using the “Other SMTP” option for the plugin, the plugin is saving all data from any field to the database. What I discovered was that my browser had autofilled a username and password into the (hidden) fields under “Other SMTP” to the database. This is a known vulnerability with some browsers (http://www.zdnet.com/article/new-phishing-attack-steals-personal-data-through-browser-autofill/#ftag=RSSbaffb68). And while there’s no domain associated with that username and password, it’s still not awesome having that info unknowingly saved to the database.
Is there a use case for keeping all mailer-specific settings in the database irregardless of which mailer is chosen?