← Back

Simple Jwt Login

simple_jwt_login

Vendor: Simple Jwt Login Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24998
1Simple Jwt Login Project
1Simple Jwt Login
Jun 17, 2026
Dec 27, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not genera...Show more
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.Show less
CVE-2021-24804
1Simple Jwt Login Project
1Simple Jwt Login
Jun 17, 2026
Nov 17, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Settings such as HMAC verification secret, account regist...Show more
The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site takeover.Show less