The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce has a security vulnerability that allows attackers to inject a type of code called a PHP Object. This can happen if the plugin receives untrusted input through a specific parameter. This could potentially give the attacker access to sensitive information or allow them to delete files on the website. It is important to update to version 2.7.3 to fix this vulnerability.