Vulnerability Details CVE-2021-24998
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-24998
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:-
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.0.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.1.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.2.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.2.1
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.2.2
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.2.3
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.2.4
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.3.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.3.1
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.4.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.5.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.6.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.6.1
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.6.2
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.6.3
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:1.6.4
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.0.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.1.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.1.1
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.2.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.2.1
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.2.2
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.2.3
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.2.4
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.2.5
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.2.6
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.2.7
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.3.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.3.1
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.4.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.4.1
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.5.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.5.1
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.5.2
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.6.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.6.1
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:2.6.2
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:3.0.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:3.1.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:3.2.0
-
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:3.2.1