The Simple JWT Login WordPress plugin prior to 3.2.1 does not have nonce checks when saving its settings, allowing malicious users to make a logged-in admin change them. Settings such as the HMAC verification secret, account registration and default user roles can be updated, which could result in site takeover.
Vulnerable Product |
---|
simple jwt login project simple jwt login |
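
The control the description says was missing is a WordPress nonce check on the settings-save request. The following is an added example, not code from Simple JWT Login: a settings handler that verifies both capability and nonce before writing options. Every `example_jwt_*` name, the option keys and the page slug are assumptions made for illustration.

```php
<?php
/*
 * Plugin Name: Example nonce-checked settings save
 * Every "example_jwt_*" name is invented for this example (assumption);
 * none is an identifier from Simple JWT Login.
 */

add_action( 'admin_menu', function () {
    add_options_page( 'Example JWT', 'Example JWT', 'manage_options',
        'example-jwt', 'example_jwt_render_form' );
} );

// The form carries a nonce bound to the current user, session and action.
function example_jwt_render_form() { ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_jwt_save">
        <?php wp_nonce_field( 'example_jwt_save', 'example_jwt_nonce' ); ?>
        <input type="text" name="hmac_secret">
        <select name="default_role"><?php wp_dropdown_roles( get_option( 'example_jwt_default_role', 'subscriber' ) ); ?></select>
        <?php submit_button(); ?>
    </form>
<?php }

// admin-post.php dispatches to admin_post_{action} for logged-in users.
add_action( 'admin_post_example_jwt_save', 'example_jwt_save_settings' );

function example_jwt_save_settings() {
    // Capability check: answers "who". It does not stop a forged request,
    // which arrives with the admin's own session cookie.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Nonce check: answers "from our form". Ends the request on failure.
    // Without this line the handler has the weakness described above.
    check_admin_referer( 'example_jwt_save', 'example_jwt_nonce' );

    $secret = sanitize_text_field( wp_unslash( $_POST['hmac_secret'] ?? '' ) );
    $role   = sanitize_key( wp_unslash( $_POST['default_role'] ?? '' ) );

    // Only store a role that exists on this site.
    if ( '' === $secret || ! wp_roles()->is_role( $role ) ) {
        wp_die( 'Invalid settings', '', array( 'response' => 400 ) );
    }
    update_option( 'example_jwt_hmac_secret', $secret );
    update_option( 'example_jwt_default_role', $role );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-jwt' ) );
    exit;
}
```

When auditing a plugin for this class of issue, look for `admin_post_*`, `admin_init` or `wp_ajax_*` handlers that call `update_option()` without a preceding `check_admin_referer()`, `check_ajax_referer()` or `wp_verify_nonce()`.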