WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT Insecure Password Creation (3.2.1)
Description
WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT is using the str_shuffle PHP function to generate user passwords, that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation. WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT version 3.2.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.3.0 or latest