Lucene search
20 matches found

EUVD
added 2025/10/03 8:7 p.m. | Views: 4

EUVD-2022-29627

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.7 | EPSS 0.00462
Exploits: 1 | References: 2

RedhatCVE
added 2025/09/24 6:31 p.m. | Views: 1

CVE-2025-58648

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS. This issue affects Simple JWT Login: from n/a through <= 3.6.4...

CVSS 6.5 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 1

NVD
added 2025/09/22 7:16 p.m. | Views: 1

CVE-2025-58648

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS. This issue affects Simple JWT Login: from n/a through <= 3.6.4...

CVSS 6.5 | EPSS 0.00042
Exploits: 0 | References: 1

Patchstack
added 2025/09/22 6:42 p.m. | Views: 3

WordPress Simple JWT Login Plugin <= 3.6.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) vulnerability discovered by theviper17 in WordPress Plugin Simple JWT Login versions <= 3.6.4...

CVSS 6.5 | AI score 6 | EPSS 0.00042
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2025/09/22 6:23 p.m. | Views: 1

CVE-2025-58648 WordPress Simple JWT Login plugin <= 3.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nicu Micle Simple JWT Login simple-jwt-login allows Stored XSS. This issue affects Simple JWT Login: from n/a through <= 3.6.4...

CVSS 6.5 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 1

CNNVD
added 2025/09/22 12:0 a.m. | Views: 2

WordPress plugin Simple JWT Login cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/22 12:0 a.m. | Views: 1

PT-2025-38937

Name of the Vulnerable Software and Affected Versions: Nicu Micle Simple JWT Login versions through 3.6.4. Description: The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting issue. This allows for the injection of...

CVSS 6.5 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 6:24 p.m. | Views: 7

CVE-2021-24804

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site...

CVSS 8.8 | AI score 6.5 | EPSS 0.00109
Exploits: 2 | References: 1

RedhatCVE
added 2025/02/05 9:41 p.m. | Views: 14

CVE-2022-24844

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sysautocodepgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occu...

CVSS 8.8 | AI score 6.8 | EPSS 0.00462
Exploits: 1 | References: 1

NVD
added 2022/04/13 9:15 p.m. | Views: 11

CVE-2022-24844

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sysautocodepgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occu...

CVSS 8.8 | EPSS 0.00462
Exploits: 1 | References: 2

Vulnrichment
added 2022/04/13 9:10 p.m. | Views: 9

CVE-2022-24844 SQL Injection in github.com/flipped-aurora/gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sysautocodepgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occu...

CVSS 8.1 | AI score 8.6 | EPSS 0.00462
Exploits: 1 | References: 2

OSV
added 2021/12/27 11:15 a.m. | Views: 2

CVE-2021-24998

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic...

CVSS 7.5 | AI score 7.1 | EPSS 0.00207
Exploits: 0 | References: 2

NVD
added 2021/12/27 11:15 a.m. | Views: 9

CVE-2021-24998

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic...

CVSS 7.5 | EPSS 0.00207
Exploits: 0 | References: 2

Prion
added 2021/12/27 11:15 a.m. | Views: 11

Default credentials

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic...

CVSS 5 | AI score 7.7 | EPSS 0.00207
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/12/27 10:33 a.m. | Views: 47

CVE-2021-24998

The CVE-2021-24998 entry concerns the WordPress plugin Simple JWT Login (pre-3.3.0). The root cause is the plugin’s password generation using PHP’s non-cryptographically secure functions, specifically the use of str_shuffle to create new user passwords. This enables creation of new WordPress user...

CVSS 7.5 | AI score 7.6 | EPSS 0.00207
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2021/11/17 11:15 a.m. | Views: 9

CVE-2021-24804

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site...

CVSS 8.8 | EPSS 0.00109
Exploits: 2 | References: 1

Prion
added 2021/11/17 11:15 a.m. | Views: 16

Default credentials

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site...

CVSS 6.8 | AI score 8.5 | EPSS 0.00109
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2021/11/17 10:15 a.m. | Views: 11

CVE-2021-24804 Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site...

AI score 8.8 | EPSS 0.00109
Exploits: 2 | References: 1

CVE
added 2021/11/17 10:15 a.m. | Views: 53

CVE-2021-24804

CVE-2021-24804 affects the WordPress plugin Simple JWT Login prior to version 3.2.1. The vulnerability is a CSRF/nonce-check bypass in the settings save path, allowing a logged-in administrator to modify critical options (e.g., HMAC verification secret, account registration, and default user role...

CVSS 8.8 | AI score 8.6 | EPSS 0.00109
Exploits: 2 | References: 1 | Affected Software: 1

WPVulnDB
added 2021/10/18 12:0 a.m. | Views: 27

Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF

The plugin does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site takeover. PoC: The following HTML code can be...

CVSS 8.8 | AI score 0.2 | EPSS 0.00109
Exploits: 2 | Affected Software: 1