Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Simple JWT Login < 3.3.0 - Insecure Password Creation
Vulnerability Description
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress plugin Simple JWT Login 安全特征问题漏洞
Vulnerability Description
WordPress等都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。WordPress plugin是一个应用插件。PHP等都是的产品。PHP是一种在服务器端执行的脚本语言。 WordPress plugin Simple JWT Login 3.3.0之前版本存在安全特征问题漏洞,该漏洞源于插件可以使用随机生成的密码创建新的WordPress用户帐户。密码是使用PHP的str shuffle函数生成的,根据PHP文档,该函数“不会生成加密安全的值,并且不应该用于
CVSS Information
N/A
Vulnerability Type
N/A