Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mycred mycred vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-20008
The myCred WordPress plugin prior to 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting
Mycred Mycred
8.8
CVSSv3
CVE-2021-24755
The myCred WordPress plugin prior to 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
Mycred Mycred
6.1
CVSSv3
CVE-2021-25015
The myCred WordPress plugin prior to 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue
Mycred Mycred
5.4
CVSSv3
CVE-2023-47853
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamificatio...
Mycred Mycred
4.3
CVSSv3
CVE-2022-1092
The myCred WordPress plugin prior to 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog
Mycred Mycred
8.8
CVSSv3
CVE-2023-35096
Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
Mycred Mycred
4.3
CVSSv3
CVE-2022-0287
The myCred WordPress plugin prior to 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog
Mycred Mycred
4.3
CVSSv3
CVE-2022-0363
The myCred WordPress plugin prior to 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating...
Mycred Mycred
NA
CVE-2024-32711
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a up to and including 2.6.3.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started