Log out
Get PRO

Latest

Input validation vulnerability in myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification 2.7.2

  • Severity: high-risk
  • Status: Fixed
  • Publication: August 16, 2024

The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce has a security vulnerability that allows attackers to inject a type of code called a PHP Object. This can happen if the plugin receives untrusted input through a specific parameter. This could potentially give the attacker access to sensitive information or allow them to delete files on the website. It is important to update to version 2.7.3 to fix this vulnerability.

Detected in:

myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification fixed vulnerable versions:
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program. fixed vulnerable versions:
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program. fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.