The myCred plugin for WordPress and WooCommerce, which allows users to earn points, ranks, badges, cashback, and credits for gamification, has a security vulnerability. This vulnerability, known as Stored Cross-Site Scripting, affects all versions of the plugin up to 2.7.5.2. It occurs because the plugin does not properly filter and protect user input and output, allowing attackers with contributor-level access or higher to insert harmful web scripts into pages that can be executed when a user visits the affected page.