Skip to main content

Simple Jwt Login

2 CVEs product

Monthly

CVE-2021-24998 HIGH PATCH This Week

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP Information Disclosure Simple Jwt Login
NVD WPScan
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-24804 HIGH POC This Week

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Simple Jwt Login
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP Information Disclosure +1
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Simple Jwt Login
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy