CVE-2024-11201 myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode

🗓️ 06 Dec 2024 05:26:14Reported by WordfenceType

Vulnerability in myCred plugin allows stored cross-site scripting via mycred_send shortcode for attackers.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-11201	6 Dec 202405:33	–	circl
CNNVD	WordPress plugin myCred 跨站脚本漏洞	6 Dec 202400:00	–	cnnvd
CVE	CVE-2024-11201	6 Dec 202405:26	–	cve
EUVD	EUVD-2024-34091	3 Oct 202520:07	–	euvd
NVD	CVE-2024-11201	6 Dec 202406:15	–	nvd
Patchstack	WordPress myCred plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode vulnerability	5 Dec 202422:24	–	patchstack
Positive Technologies	PT-2024-16819 · WordPress · Mycred	6 Dec 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-11201	23 May 202507:00	–	redhatcve
Vulnrichment	CVE-2024-11201 myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode	6 Dec 202405:26	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (December 2, 2024 to December 8, 2024)	12 Dec 202415:38	–	wordfence

[
  {
    "vendor": "saadiqbal",
    "product": "Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.7.5.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3203071/mycred/trunk/includes/shortcodes/mycred_send.php
wordpress	www.wordpress.org/plugins/mycred/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/2d1d9bee-4afa-44cc-8e7a-8a73ad018c4a
plugins	www.plugins.trac.wordpress.org/browser/mycred/tags/2.7.5/includes/shortcodes/mycred_send.php

08 Apr 2026 16:44Current

CVSS 3.16.4

EPSS0.0992

CWE-79