Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT Insecure Password Creation - CVE-2021-24998 - Vulnerability Database
WP Plugin Simple Jwt Login

WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT Insecure Password Creation - CVE-2021-24998

High
Reference: CVE-2021-24998
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-24998
Title: WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT Insecure Password Creation
Overview:

WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT is using the str_shuffle PHP function to generate user passwords that does not generate cryptographically secure values and should not be used for cryptographic purposes according to PHPs documentation. WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT version 3.2.1 is vulnerable prior versions may also be affected.