WordPress · Simple Jwt Login · CVE-2021-24998
Name of the Vulnerable Software and Affected Versions:
Simple JWT Login WordPress plugin versions prior to 3.3.0
Description:
The issue allows creation of new WordPress user accounts with a randomly generated password. The password generation uses the `str_shuffle` PHP function, which does not produce cryptographically secure values and is not suitable for cryptographic purposes.
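The weak pattern named in the description, next to a hardened generator. This is an added example, not the plugin's code; the alphabet, function names and lengths are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Constructed alphabet for illustration; not taken from the plugin.
const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

/**
 * Weak pattern (hypothetical, shows the class of bug only).
 * str_shuffle() draws from PHP's non-cryptographic generator, and
 * because it only permutes the alphabet, no character can repeat,
 * which shrinks the space of possible passwords further.
 */
function weak_password(int $length = 10): string
{
    return substr(str_shuffle(ALPHABET), 0, $length);
}

/**
 * Hardened pattern: every character is chosen independently with
 * random_int(), which is backed by the operating system CSPRNG and
 * returns uniformly distributed integers in the given range.
 */
function strong_password(int $length = 20): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('length must be positive');
    }
    $max = strlen(ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= ALPHABET[random_int(0, $max)];
    }
    return $out;
}

// Side-by-side output; the weak value always has all-distinct characters.
$weak = weak_password();
printf(
    "weak:   %s (distinct characters: %d of %d)\n",
    $weak,
    count(array_unique(str_split($weak))),
    strlen($weak)
);
printf("strong: %s\n", strong_password());
```

Inside WordPress code, the core helper `wp_generate_password()` is the usual way to obtain a generated password instead of a hand-rolled routine.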
Recommendations:
For Simple JWT Login WordPress plugin versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue.