VYPR

Mycred

by WordPress

Source repositories

CVEs (26)

  • CVE-2022-0287MedApr 25, 2022
    risk 0.28cvss 4.3epss 0.01

    The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog

  • CVE-2025-12362MedDec 13, 2025
    risk 0.27cvss 5.3epss 0.00

    The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7. This is due to the plugin not properly verifying that a user is authorized to perform…

  • CVE-2025-12361MedDec 19, 2025
    risk 0.21cvss 4.3epss 0.00

    The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This is due to the plugin not properly verifying that a user is authorized to…

  • CVE-2026-8607Jun 17, 2026
    risk 0.00cvss epss 0.00

    The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization…

  • CVE-2024-10187Nov 8, 2024
    risk 0.00cvss epss 0.00

    The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link…

  • CVE-2024-8658Sep 25, 2024
    risk 0.00cvss epss 0.00

    The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…

Page 2 of 2