Filtered by vendor Simple Jwt Login Project Subscriptions
Filtered by product Simple Jwt Login Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-24998 1 Simple Jwt Login Project 1 Simple Jwt Login 2024-11-21 7.5 High
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.
CVE-2021-24804 1 Simple Jwt Login Project 1 Simple Jwt Login 2024-11-21 8.8 High
The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site takeover.