CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

268 matches found

CVE-2026-8607

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...

6.4CVSS0.00269EPSS

Exploits0References8

Cvelist•added 2026/06/17 6:49 a.m.•24 views

CVE-2026-8607 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrap' Shortcode Attribute

6.4CVSS0.00269EPSS

Exploits0References8

CVE•added 2026/06/17 6:49 a.m.•6 views

CVE-2026-8607

The CVE concerns the WordPress plugin myCred (Points Management System for Gamification)

6.4CVSS5.5AI score0.00269EPSS

Exploits0References8

EUVD•added 2026/06/15 9:30 p.m.•6 views

EUVD-2026-36997

Subscriber Broken Access Control in myCred = 3.0.3 versions...

6.5CVSS5.1AI score0.00279EPSS

Exploits0References2

NVD•added 2026/06/15 9:16 p.m.•6 views

CVE-2026-40794

Subscriber Broken Access Control in myCred = 3.0.3 versions...

6.5CVSS0.00279EPSS

Exploits0References1

CVE•added 2026/06/15 8:18 p.m.•8 views

CVE-2026-40794

The CVE concerns WordPress plugin myCred ≤ 3.0.3 with a Broken Access Control vulnerability. Affected software: WordPress plugin myCred (versions up to 3.0.3). The provided sources identify the issue but do not disclose the exact root cause, affected functions/files, or concrete impact details be...

6.5CVSS5.1AI score0.00279EPSS

Exploits0References1

Vulnrichment•added 2026/06/15 8:18 p.m.•7 views

CVE-2026-40794 WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in myCred = 3.0.3 versions...

6.5CVSS5.1AI score0.00279EPSS

Exploits0References1

Cvelist•added 2026/06/15 8:18 p.m.•25 views

CVE-2026-40794 WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in myCred = 3.0.3 versions...

6.5CVSS0.00279EPSS

Exploits0References1

Positive Technologies•added 2026/06/15 12:0 a.m.•10 views

PT-2026-49431

Subscriber Broken Access Control in myCred = 3.0.3 versions...

6.5CVSS5.1AI score0.00279EPSS

Exploits0References2

RedhatCVE•added 2026/06/05 7:30 p.m.•7 views

CVE-2026-42676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS5.4AI score0.0013EPSS

Exploits0References1

NVD•added 2026/06/01 5:17 p.m.•15 views

CVE-2026-42676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS0.0013EPSS

Exploits0References1

Cvelist•added 2026/06/01 3:17 p.m.•23 views

CVE-2026-42676 WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS0.0013EPSS

Exploits0References1

Vulnrichment•added 2026/06/01 3:17 p.m.•8 views

CVE-2026-42676 WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS5.8AI score0.0013EPSS

Exploits0References1

EUVD•added 2026/06/01 3:17 p.m.•11 views

EUVD-2026-33687

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS5.8AI score0.0013EPSS

Exploits0References1

CVE•added 2026/06/01 3:17 p.m.•15 views

CVE-2026-42676

The CVE-2026-42676 entry documents a Stored XSS vulnerability in the WordPress myCred plugin, affecting versions from n/a through 3.0.4. The root cause is improper input neutralization during web page generation, enabling injected scripts to be stored and served in pages. Multiple connected sourc...

6.5CVSS5.8AI score0.0013EPSS

Exploits0References1

CNNVD•added 2026/06/01 12:0 a.m.•8 views

WordPress plugin myCred 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5AI score0.0013EPSS

Exploits0References1

Positive Technologies•added 2026/06/01 12:0 a.m.•19 views

PT-2026-45463

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS5.8AI score0.0013EPSS

Exploits0References2

Patchstack•added 2026/05/15 7:46 p.m.•7 views

WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin myCred versions = 3.0.4...

6.5CVSS5.8AI score0.0013EPSS

Exploits0Affected Software1

Patchstack•added 2026/04/24 9:29 p.m.•4 views

WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin myCred versions = 3.0.3...

5.1AI score0.00279EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/02/21 1:31 a.m.•7 views

CVE-2026-27440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

6.5CVSS5.9AI score0.00182EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by