2 matches found
CVE-2024-8658 myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...
WordPress myCred Plugin <= 2.7.3 is vulnerable to Broken Access Control
Software myCred Type Plugin Vulnerable versions = 2.7.3 Fixed in 2.7.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8658 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 52e7fd723681 Credits Mika Required privilege Unauthenticated...