Description
WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT is using the str_shuffle PHP function to generate user passwords, that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation. WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT version 3.2.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.3.0 or latest
References
Related Vulnerabilities
WordPress Plugin Olevmedia Shortcodes Cross-Site Scripting (1.1.8)
WordPress 4.5.3 Directory Traversal Vulnerability (4.5.3)
Oracle Database Server CVE-2011-2232 Vulnerability (CVE-2011-2232)
Oracle JRE CVE-2013-5806 Vulnerability (CVE-2013-5806)
WordPress Plugin SrbTransLatin Multiple Vulnerabilities (1.46)