8 matches found
EUVD-2026-22910
Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyRewards: from n/a through = 5.7.3...
WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhan Luo in WordPress Plugin MyRewards versions = 5.7.3...
CVE-2026-40786
Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyRewards: from n/a through = 5.7.3...
PT-2026-33052
Name of the Vulnerable Software and Affected Versions MyRewards versions prior to 5.7.4 Description Incorrectly configured access control security levels lead to a missing authorization issue in the MyRewards plugin, which allows for the exploitation of security levels. Recommendations Update to ...
📄 MyRewards 5.6.0 Missing Authorization
MyRewards – Loyalty Points and Rewards for WooCommerce versions 5.6.0 and below suffer from a missing authorization vulnerability that allows for privilege escalation. CVE-2025-15260: Missing Authorization / Broken Access Control in Plugin - MyRewards – Loyalty Points and Rewards for WooCommerce...
Exploit for CVE-2025-15260
CVE-2025-15260: Missing Authorization / Broken Access Control...
EUVD-2025-206797
The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...
PT-2026-5883
Name of the Vulnerable Software and Affected Versions MyRewards – Loyalty Points and Rewards for WooCommerce plugin versions prior to 5.6.1 Description The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress does not properly verify user authorization when performing actio...