
16 matches found

ATTACKERKB
added 2026/03/20 10:37 p.m., 6 views

CVE-2026-33204

SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...

7.5 CVSS, 5.7 AI score, 0.00481 EPSS
Exploits: 1, References: 3, Affected Software: 1
RedhatCVE
added 2025/09/24 6:31 p.m., 2 views

CVE-2025-58648

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS. This issue affects Simple JWT Login: from n/a through <= 3.6.4...

6.5 CVSS, 5.9 AI score, 0.00196 EPSS
Exploits: 0, References: 1
NVD
added 2025/09/22 7:16 p.m., 2 views

CVE-2025-58648

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS. This issue affects Simple JWT Login: from n/a through <= 3.6.4...

6.5 CVSS, 0.00196 EPSS
Exploits: 0, References: 1
Patchstack
added 2025/09/22 6:42 p.m., 4 views

WordPress Simple JWT Login Plugin <= 3.6.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin Simple JWT Login versions <= 3.6.4...

6.5 CVSS, 6 AI score, 0.00196 EPSS
Exploits: 0, Affected Software: 1
Vulnrichment
added 2025/09/22 6:23 p.m., 1 views

CVE-2025-58648 WordPress Simple JWT Login plugin <= 3.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS. This issue affects Simple JWT Login: from n/a through <= 3.6.4...

6.5 CVSS, 5.9 AI score, 0.00196 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/09/22 12:00 a.m., 2 views

WordPress plugin Simple JWT Login Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site...

6.5 CVSS, 5.8 AI score, 0.00196 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/09/22 12:00 a.m., 2 views

PT-2025-38937

Name of the Vulnerable Software and Affected Versions: Nicu Micle Simple JWT Login versions through 3.6.4. Description: The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting issue. This allows for the injection of...

6.5 CVSS, 5.9 AI score, 0.00196 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/05/22 6:24 p.m., 13 views

CVE-2021-24804

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site...

8.8 CVSS, 6.5 AI score, 0.00612 EPSS
Exploits: 2, References: 1
CNNVD
added 2024/03/16 12:00 a.m., 6 views

Simple JWT Security Vulnerability

Simple JWT is an open-source JSON Web Token authentication plugin for Django REST Framework from Jazzband. Simple JWT version 5.3.1 and earlier versions have a security vulnerability; the vulnerability stems from the lack of user authentication checks through the for_user method. An attacker can explo...

5.5 CVSS, 6.8 AI score, 0.00804 EPSS
Exploits: 3, References: 6
OSV
added 2021/12/27 11:15 a.m., 2 views

CVE-2021-24998

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic...

7.5 CVSS, 7.1 AI score, 0.01186 EPSS
Exploits: 0, References: 2
Prion
added 2021/12/27 11:15 a.m., 11 views

Default credentials

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic...

5 CVSS, 7.7 AI score, 0.01186 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2021/12/27 10:33 a.m., 50 views

CVE-2021-24998

The CVE-2021-24998 entry concerns the WordPress plugin Simple JWT Login (pre-3.3.0). The root cause is the plugin’s password generation using PHP’s non-cryptographically secure functions, specifically the use of str_shuffle to create new user passwords. This enables creation of new WordPress user...

7.5 CVSS, 7.6 AI score, 0.01186 EPSS
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2021/11/17 11:15 a.m., 15 views

CVE-2021-24804

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site...

8.8 CVSS, 0.00612 EPSS
Exploits: 2, References: 1
Prion
added 2021/11/17 11:15 a.m., 18 views

Default credentials

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site...

6.8 CVSS, 8.5 AI score, 0.00612 EPSS
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2021/11/17 10:15 a.m., 23 views

CVE-2021-24804 Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site...

8.8 AI score, 0.00612 EPSS
Exploits: 2, References: 1
CVE
added 2021/11/17 10:15 a.m., 55 views

CVE-2021-24804

CVE-2021-24804 affects the WordPress plugin Simple JWT Login prior to version 3.2.1. The vulnerability is a CSRF/nonce-check bypass in the settings save path, allowing a logged-in administrator to modify critical options (e.g., HMAC verification secret, account registration, and default user role...

8.8 CVSS, 8.6 AI score, 0.00612 EPSS
Exploits: 2, References: 1, Affected Software: 1