The myCred plugin for WordPress, which is used for managing points, ranks, badges, and loyalty rewards, has a security flaw that allows unauthorized access. This means that someone who is logged in and has at least Subscriber-level access can perform actions that they should not be able to.