VYPR

Simple JWT Login

by WordPress

Source repositories

CVEs (3)

  • CVE-2021-24804HigNov 17, 2021
    risk 0.57cvss 8.8epss 0.01

    The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could…

  • CVE-2021-24998HigDec 27, 2021
    risk 0.49cvss 7.5epss 0.01

    The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used…

  • CVE-2025-58648MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS.This issue affects Simple JWT Login: from n/a through <= 3.6.4.