Log out
Get PRO

Latest

Input validation vulnerability in myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin 2.6.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: November 20, 2023

The myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin plugin for WordPress is unsafe and outdated. It has a security vulnerability that could let an attacker with contributor-level or higher permissions add malicious web scripts to pages that will execute when any user visits them. This is due to the fact that user supplied attributes are not properly checked or protected. The vulnerability is present in all versions of the plugin up to 2.6.1.

Detected in:

myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification fixed vulnerable versions:
myCred – Points and Rewards, Ranks, Badges & Loyalty Plugin for WordPress and WooCommerce fixed vulnerable versions:
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program. fixed vulnerable versions:
myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program. fixed vulnerable versions:
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin fixed vulnerable versions: >= * <= 2.6.1

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.