CVE-2025-7079 | mao888 bluebell-plus up to 2.3.0 JWT Token jwt.go mySecret hard-coded password (Issue 35)

Inserito da Angelo Barbosa | Lug 5, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plus leads to use of hard-coded password.

The identification of this vulnerability is CVE-2025-7079. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-7079 | mao888 bluebell-plus up to 2.3.0 JWT Token jwt.go mySecret hard-coded password (Issue 35)

Post correlati

CVE-2025-7360 | HT Contact Form Widget Plugin up to 2.2.1 on WordPress handle_files_upload path traversal

CVE-2024-6338 | FV Player Plugin up to 7.5.46.7212 on WordPress exclude sql injection

CVE-2024-9178 | XT Floating Cart for WooCommerce Plugin up to 2.8.2 on WordPress SVG File Upload cross site scripting

CVE-2024-12943 | CodeAstro House Rental Management System 1.0 /ownersignup.php f/e/p/m/o/n/c/s/ci/a sql injection