Описание
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.0 (исключая)
cpe:2.3:a:simple_jwt_login_project:simple_jwt_login:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 43%
0.00207
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-330
Связанные уязвимости
CVSS3: 7.5
github
около 4 лет назад
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.
EPSS
Процентиль: 43%
0.00207
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-330