Mycred

mycred

Vendor: Wpexperts • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-43214 1Wpexperts 1Mycred Apr 23, 2026 Aug 26, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.
CVE-2023-47853 1Wpexperts 1Mycred Apr 28, 2026 Nov 30, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myC...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1.Show less
CVE-2023-35096 1Wpexperts 1Mycred Apr 28, 2026 Jul 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
CVE-2022-1092 1Wpexperts 1Mycred Oct 17, 2025 Apr 25, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address pre...Show more The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blogShow less
CVE-2022-0363 1Wpexperts 1Mycred Oct 17, 2025 Apr 25, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycre...Show more The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts.Show less
CVE-2022-0287 1Wpexperts 1Mycred Oct 17, 2025 Apr 25, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresse...Show more The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blogShow less
CVE-2021-24755 1Wpexperts 1Mycred Oct 17, 2025 Nov 29, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user