CVE-2026-8607

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...

CVE-2026-8607 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrap' Shortcode Attribute

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...

CVE-2026-40794 WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in myCred = 3.0.3 versions...

CVE-2026-42676 WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

WordPress plugin myCred 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin myCred versions = 3.0.4...

WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin myCred versions = 3.0.3...

CVE-2026-27440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

CVE-2026-27440 WordPress myCred plugin <= 2.9.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

CVE-2026-27440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred mycred allows Stored XSS.This issue affects myCred: from n/a through 2.9.7.6...

WordPress plugin myCred 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20936

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

CVE-2026-0550 myCred <= 2.9.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode

The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycredloadcoupon' shortcode in all versions up to, and including, 2.9.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2026-0550

CVE-2026-0550 affects the WordPress myCred plugin (versions

CVE-2026-0550 myCred <= 2.9.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode

The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycredloadcoupon' shortcode in all versions up to, and including, 2.9.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin myCred 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

PT-2026-8096

The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycred load coupon' shortcode in all versions up to, and including, 2.9.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

WordPress myCred plugin <= 2.9.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'mycredloadcoupon' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin myCred versions = 2.9.7.3...

CVE-2026-24951

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 2.9.7.3...

CVE-2026-24951 WordPress myCred plugin <= 2.9.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 2.9.7.3...