Vulmon
mycred mycred vulnerabilities and exploits
NA
CVE-2024-32711
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a up to and including 2.6.3.
5.4
CVSSv3
CVE-2023-47853
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS. This issue affects myCred – Points, Rewards, Gamificatio...
Mycred Mycred
8.8
CVSSv3
CVE-2023-35096
Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
Mycred Mycred
4.3
CVSSv3
CVE-2022-1092
The myCred WordPress plugin prior to 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call it and retrieve the list of email addresses present in the blog
Mycred Mycred
4.3
CVSSv3
CVE-2022-0363
The myCred WordPress plugin prior to 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated user, such as a subscriber, to call it and import mycred setup, thus creating badges, managing points or creating...
Mycred Mycred
4.3
CVSSv3
CVE-2022-0287
The myCred WordPress plugin prior to 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as a subscriber, to call it and retrieve all email addresses from the blog
Mycred Mycred
6.1
CVSSv3
CVE-2021-25015
The myCred WordPress plugin prior to 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue
Mycred Mycred
6.1
CVSSv3
CVE-2017-20008
The myCred WordPress plugin prior to 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting issue
Mycred Mycred
8.8
CVSSv3
CVE-2021-24755
The myCred WordPress plugin prior to 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
Mycred Mycred