It’s 2025, so this shouldn’t happen – but it still does.
I’m doing some work on migrating a failed project of sorts. It isn’t a complete failure, but it didn’t accomplish its goals, and right now it’s in a holding stasis. However, it needs to be made stable and trustworthy before other decisions can be made.
I went to audit a few of the plugins utilized and found some code that I found very suspect, so I checked the project’s GPL code. It matched 100%.
This vendor has hard-coded user creation and passwords into a project, and published it with those default passwords.
Needless to say, I removed those functions and emailed them about it. I’m sure they’ll publish an update, and if they don’t, they’re more than just incompetent.