[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcQNmHn8wY0PMdoPMi6UaDk2LhFF681ozBWeyyopQ3Yc":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2021-46743","firebase-php-jwt-algorithm-confusion","Firebase PHP-JWT \u003C 6.0.0 - Algorithm Confusion","In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 \u002F HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. This may or may not be exploitable in WordPress plugins and themes using the library.","jwt-auth",null,"\u003C=2.1.0","2.1.1","critical",9.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:N","Access of Resource Using Incompatible Type ('Type Confusion')","2022-11-11 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8aa0fffa-475e-4227-9ab1-17ca6fcce529?source=api-prod",438]