PT-2025-47434 · WordPress · Wp Login/Register Using Jwt

Athiwat Tiprasaharn · Published 2025-11-19 · Updated 2025-11-19 · CVE-2025-12822

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions
WP Login and Register using JWT plugin for WordPress versions through 3.0.0

Description
The WP Login and Register using JWT plugin for WordPress is susceptible to unauthorized data access. This is due to a missing capability check within the mo_jwt_generate_new_api_key() function. Authenticated attackers possessing Subscriber-level access or higher can generate a new API key on sites lacking a pre-configured API key. This allows them to access restricted endpoints.

Recommendations
Update the WP Login and Register using JWT plugin to a version later than 3.0.0.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-12822

Affected Products

Wp Login/Register Using Jwt