From f9328c32407d7caccb8d64516038e0299cc25fe4 Mon Sep 17 00:00:00 2001 From: hbhalodia Date: Wed, 29 Apr 2026 12:15:44 +0530 Subject: [PATCH] Add the trim when checking the password when password is created using wp_hash_password --- src/wp-includes/pluggable.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php index fd659b600c379..e3114948f55e2 100644 --- a/src/wp-includes/pluggable.php +++ b/src/wp-includes/pluggable.php @@ -2855,7 +2855,7 @@ function wp_check_password( $check = false; } elseif ( str_starts_with( $hash, '$wp' ) ) { // Check the password using the current prefixed hash. - $password_to_verify = base64_encode( hash_hmac( 'sha384', $password, 'wp-sha384', true ) ); + $password_to_verify = base64_encode( hash_hmac( 'sha384', trim( $password ), 'wp-sha384', true ) ); $check = password_verify( $password_to_verify, substr( $hash, 3 ) ); } elseif ( str_starts_with( $hash, '$P$' ) ) { // Check the password using phpass.