CVE-2021-24804

Name of the Vulnerable Software and Affected Versions: Simple JWT Login WordPress plugin versions prior to 3.2.1

Description: The issue allows attackers to modify the plugin's settings without proper validation, potentially leading to site takeover. Settings that can be updated include the HMAC verification secret, account registering, and default user roles.

Recommendations: For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation.