The Simple JWT Login WordPress plugin before 3.3.0 can be...
High severity
Unreviewed
Published
Dec 28, 2021
to the GitHub Advisory Database
•
Updated Jul 4, 2023
Description
Published by the National Vulnerability Database
Dec 27, 2021
Published to the GitHub Advisory Database
Dec 28, 2021
Last updated
Jul 4, 2023
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.
References