The myCred plugin, used for loyalty points and rewards on WordPress and WooCommerce, has a security vulnerability in all versions up to 2.7.2. This allows anyone without proper authentication to access the open badge email through the get_issuer_data() function.