5 matches found
WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhan Luo in WordPress Plugin MyRewards versions = 5.7.3...
📄 MyRewards 5.6.0 Missing Authorization
MyRewards – Loyalty Points and Rewards for WooCommerce versions 5.6.0 and below suffer from a missing authorization vulnerability that allows for privilege escalation. CVE-2025-15260: Missing Authorization / Broken Access Control in Plugin - MyRewards – Loyalty Points and Rewards for WooCommerce...
Exploit for CVE-2025-15260
CVE-2025-15260: Missing Authorization / Broken Access Control...
EUVD-2025-206797
The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 5.6.0. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'ajax' function. This makes it...
PT-2026-5883
Name of the Vulnerable Software and Affected Versions MyRewards – Loyalty Points and Rewards for WooCommerce plugin versions prior to 5.6.1 Description The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress does not properly verify user authorization when performing actio...