Mycred

Mycred

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-40794

  • EPSS 0.28%
  • Veröffentlicht 15.06.2026 20:18:28
  • Zuletzt bearbeitet 15.06.2026 21:24:32

Subscriber Broken Access Control in myCred <= 3.0.3 versions.

6.5

CVE-2026-42676

  • EPSS 0.13%
  • Veröffentlicht 01.06.2026 17:17:00
  • Zuletzt bearbeitet 01.06.2026 17:57:16

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4.

5.4

CVE-2024-10187

  • EPSS 0.31%
  • Veröffentlicht 08.11.2024 10:15:03
  • Zuletzt bearbeitet 13.11.2024 20:31:08

The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t...

5.3

CVE-2024-8658

  • EPSS 0.32%
  • Veröffentlicht 25.09.2024 06:15:05
  • Zuletzt bearbeitet 02.10.2024 18:36:04

The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data...

9.8

CVE-2024-43354

  • EPSS 0.53%
  • Veröffentlicht 19.08.2024 20:15:08
  • Zuletzt bearbeitet 29.04.2026 10:16:33

Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.

6.5

CVE-2024-43353

  • EPSS 0.25%
  • Veröffentlicht 18.08.2024 13:15:03
  • Zuletzt bearbeitet 23.04.2026 15:18:54

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.

6.5

CVE-2024-32711

  • EPSS 0.35%
  • Veröffentlicht 24.04.2024 11:15:47
  • Zuletzt bearbeitet 23.04.2026 15:18:20

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.6.3.

6.1

CVE-2021-25015

Exploit
  • EPSS 0.89%
  • Veröffentlicht 24.01.2022 08:15:09
  • Zuletzt bearbeitet 21.11.2024 05:54:11

The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue

6.1

CVE-2017-20008

Exploit
  • EPSS 0.88%
  • Veröffentlicht 29.11.2021 09:15:07
  • Zuletzt bearbeitet 21.11.2024 03:22:26

The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting