VYPR

Mycred

by WordPress

CVEs (26)

  • CVE-2024-43354 | Cri | Aug 19, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred. This issue affects myCred: from n/a through <= 2.7.2.

  • CVE-2021-24755 | Hig | Nov 29, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user.

  • CVE-2026-40794 | Med | Jun 15, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Subscriber Broken Access Control in myCred <= 3.0.3 versions.

  • CVE-2026-42676 | Med | Jun 1, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4.

  • CVE-2025-54668 | Med | Aug 14, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS. This issue affects myCred: from n/a through <= 2.9.4.3.

  • CVE-2024-43353 | Med | Aug 18, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred. This issue affects myCred: from n/a through <= 2.7.2.

  • CVE-2024-32711 | Med | Apr 24, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred. This issue affects myCred: from n/a through <= 2.6.3.

  • CVE-2023-47853 | Med | Nov 30, 2023
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS. This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges &…

  • CVE-2023-35096 | Med | Jul 17, 2023
    risk 0.42 | cvss 6.5 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.

  • CVE-2026-0550 | Med | Feb 14, 2026
    risk 0.35 | cvss 6.4 | epss 0.00

    The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycred_load_coupon' shortcode in all versions up to, and including, 2.9.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-11201 | Med | Dec 6, 2024
    risk 0.35 | cvss 6.4 | epss 0.01

    The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send…

  • CVE-2025-54667 | Med | Aug 14, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred mycred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects myCred: from n/a through <= 2.9.4.3.

  • CVE-2025-49872 | Med | Jun 17, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through <= 2.9.4.2.

  • CVE-2024-43214 | Med | Aug 26, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    Missing Authorization vulnerability in Saad Iqbal myCred mycred. This issue affects myCred: from n/a through <= 2.7.2.

  • CVE-2021-25015 | Med | Jan 24, 2022
    risk 0.33 | cvss 6.1 | epss 0.01

    The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue.

  • CVE-2017-20008 | Med | Nov 29, 2021
    risk 0.33 | cvss 6.1 | epss 0.01

    The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting issue.

  • CVE-2026-24951 | Med | Feb 3, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects myCred: from n/a through <= 2.9.7.3.

  • CVE-2025-49857 | Med | Jun 17, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects myCred: from n/a through <= 2.9.4.2.

  • CVE-2022-1092 | Med | Apr 25, 2022
    risk 0.28 | cvss 4.3 | epss 0.00

    The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call it and retrieve the list of email addresses present in the blog.

  • CVE-2022-0363 | Med | Apr 25, 2022
    risk 0.28 | cvss 4.3 | epss 0.00

    The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating…

Page 1 of 2