Vendor
An authentication bypass vulnerability (CVE-2026-14262) exists in the WordPress Simple JWT Login plugin, affecting all versions up to and including 3.6.6, which allows authenticated attackers with subscriber-level access or higher to escalate privileges to Administrator by injecting crafted identity claims into the `payload` parameter of a JWT token.