Skip to main content

New Plugin Release 3.6.5

· One min read
Nicu Micle
Nicu Micle
Creator of Simple JWT Login

The version 3.6.5 has been released today on WordPress.

This is a security and maintenance release. We strongly recommend updating immediately.

Security Fix

This release addresses a Stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-58648. Stored XSS vulnerabilities allow an attacker to inject malicious scripts that are persisted on the server and executed in the browsers of other users. This fix prevents unsanitized input from being stored and rendered as HTML.

If you are running an older version, please update as soon as possible to protect your site and users.

  • Fix CVE-2025-58648 — Stored Cross-Site Scripting vulnerability (PR #162)

Bug Fixes

  • Fix Reset Password: the function was not applying base64 encoding logic, preventing users from using special characters in their passwords (#161, PR #163)
  • Fix PHP session initialization warning (#159)

Compatibility

  • Update WordPress 6.9 Compatibility

If you encounter any issues after updating, please open an issue on GitHub.