Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mycred mycred vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-20008
The myCred WordPress plugin prior to 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting
Mycred Mycred
NA
CVE-2023-35096
Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
Mycred Mycred
NA
CVE-2023-47853
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamificatio...
Mycred Mycred
356
VMScore
CVE-2022-0363
The myCred WordPress plugin prior to 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating...
Mycred Mycred
578
VMScore
CVE-2021-24755
The myCred WordPress plugin prior to 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
Mycred Mycred
383
VMScore
CVE-2021-25015
The myCred WordPress plugin prior to 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue
Mycred Mycred
356
VMScore
CVE-2022-0287
The myCred WordPress plugin prior to 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog
Mycred Mycred
356
VMScore
CVE-2022-1092
The myCred WordPress plugin prior to 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog
Mycred Mycred
NA
CVE-2024-32711
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a up to and including 2.6.3.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started