268 matches found
CVE-2026-8607
The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...
CVE-2026-8607 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrap' Shortcode Attribute
The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...
CVE-2026-8607
The CVE concerns the WordPress plugin myCred (Points Management System for Gamification)
EUVD-2026-36997
Subscriber Broken Access Control in myCred = 3.0.3 versions...
CVE-2026-40794
Subscriber Broken Access Control in myCred = 3.0.3 versions...
CVE-2026-40794
The CVE concerns WordPress plugin myCred ≤ 3.0.3 with a Broken Access Control vulnerability. Affected software: WordPress plugin myCred (versions up to 3.0.3). The provided sources identify the issue but do not disclose the exact root cause, affected functions/files, or concrete impact details be...
CVE-2026-40794 WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability
Subscriber Broken Access Control in myCred = 3.0.3 versions...
CVE-2026-40794 WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability
Subscriber Broken Access Control in myCred = 3.0.3 versions...
PT-2026-49431
Subscriber Broken Access Control in myCred = 3.0.3 versions...
CVE-2026-42676
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...
CVE-2026-42676
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...
CVE-2026-42676 WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...
CVE-2026-42676
The CVE-2026-42676 entry documents a Stored XSS vulnerability in the WordPress myCred plugin, affecting versions from n/a through 3.0.4. The root cause is improper input neutralization during web page generation, enabling injected scripts to be stored and served in pages. Multiple connected sourc...
EUVD-2026-33687
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...
CVE-2026-42676 WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...
PT-2026-45463
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...
WordPress plugin myCred 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin myCred versions = 3.0.4...
WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin myCred versions = 3.0.3...
CVE-2026-27440
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...