CVE-2026-42676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

PT-2026-45463

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

CVE-2026-27440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

WordPress Plugin myCred Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin myCred has an information disclosure vulnerability, the vulnerability stems fr...

EUVD-2021-11667

Malware in sbrugna...

EUVD-2024-40110

Malicious code in bioql PyPI...

CVE-2025-54667

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Saad Iqbal myCred mycred allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions.This issue affects myCred: from n/a through = 2.9.4.3...

CVE-2025-54667

Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Saad Iqbal myCred mycred allows Leveraging Time-of-Check and Time-of-Use TOCTOU Race Conditions.This issue affects myCred: from n/a through = 2.9.4.3...

WordPress myCred plugin <= 2.9.4.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin myCred versions = 2.9.4.3...

CVE-2025-49857 WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 2.9.4.2...

CVE-2025-49857

CVE-2025-49857 concerns the WordPress plugin myCred (WP plugin) with versions up to and including 2.9.4.2. The initial description and connected Red Hat/RedTeam-style sources indicate a Missing Authorization / Broken Access Control vulnerability, arising from incorrectly configured access control...

CVE-2025-49872 WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WPExperts.io myCred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through 2.9.4.2...

PT-2025-25728 · Mycred · Mycred

Name of the Vulnerable Software and Affected Versions: myCred versions n/a through 2.9.4.2 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions n/a through 2.9.4.2, update t...

PT-2025-25718 · Mycred · Mycred

Name of the Vulnerable Software and Affected Versions: myCred versions 2.9.4.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For myCred versions 2.9.4.2 a...

CVE-2024-10187

The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycredlink shortcode in all version...

CVE-2024-43354

Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through = 2.7.2...

WordPress myCred plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via mycredsend Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin myCred versions = 2.7.5.2...

PT-2024-30377 · Mycred · Mycred

Name of the Vulnerable Software and Affected Versions: myCred versions 2.6.x through 2.7.2 Description: The issue is related to a Missing Authorization vulnerability in myCred. This vulnerability may expose sensitive data. Users are urged to upgrade to mitigate the risk. Recommendations: For...

WordPress plugin myCred 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. security vulnerabilities in versions of the WordPress plugin myCred prior to 2.4.4 stem from the followin...