Approved changes feed: RSS · Atom
cpe:2.3:a:wpexperts:mycred:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Wpexperts (2e7dcd66-99b9-59e7-ac12-15648f489cb2) |
|---|---|
| Product | Mycred (6b6bf157-fb7f-5721-adfb-caa630f167f2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-43214 |
vulnerable | 2026-06-03 14:56:44.737113 |
WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.
Published: 2024-08-26T20:21:58.639Z
Updated: 2026-04-28T16:10:09.799Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47853 |
vulnerable | 2026-06-03 14:53:18.360026 |
WordPress myCred Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1.
Published: 2023-11-30T16:49:11.630Z
Updated: 2026-04-28T16:08:53.390Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-35096 |
vulnerable | 2026-06-03 14:52:17.781841 |
WordPress myCred Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)
MEDIUM (5.4)
Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
Published: 2023-07-17T13:35:21.634Z
Updated: 2026-04-28T16:08:29.536Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1092 |
vulnerable | 2026-06-03 14:45:57.997599 |
myCred < 2.4.4 - Subscriber+ Import/Export to Email Address Disclosure
The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog
Published: 2022-04-25T15:51:15.000Z
Updated: 2024-08-02T23:55:22.825Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0363 |
vulnerable | 2026-06-03 14:45:56.030002 |
myCred < 2.4.4 - Subscriber+ Arbitrary Post Creation
The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts.
Published: 2022-04-25T15:50:56.000Z
Updated: 2024-08-02T23:25:40.197Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-0287 |
vulnerable | 2026-06-03 14:45:55.844800 |
Mycred < 2.4.4.1 - Subscriber+ User E-mail Addresses Disclosure
The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog
Published: 2022-04-25T15:50:55.000Z
Updated: 2024-08-02T23:25:40.098Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24755 |
vulnerable | 2026-06-03 14:44:03.379709 |
myCred < 2.3 - Subscriber+ SQL Injection
The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
Published: 2021-11-29T08:25:35.000Z
Updated: 2024-08-03T19:42:16.590Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.