Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

257 matches found

RedhatCVE
RedhatCVEadded 2 days ago3 views

CVE-2026-42676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS5.4AI score0.00033EPSS
Exploits0References1
NVD
NVDadded 6 days ago10 views

CVE-2026-42676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS0.00033EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 6 days ago5 views

CVE-2026-42676 WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS5.8AI score0.00033EPSS
Exploits0References1
CVE
CVEadded 6 days ago8 views

CVE-2026-42676

The CVE-2026-42676 entry documents a Stored XSS vulnerability in the WordPress myCred plugin, affecting versions from n/a through 3.0.4. The root cause is improper input neutralization during web page generation, enabling injected scripts to be stored and served in pages. Multiple connected sourc...

6.5CVSS5.8AI score0.00033EPSS
Exploits0References1
Cvelist
Cvelistadded 6 days ago21 views

CVE-2026-42676 WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS0.00033EPSS
Exploits0References1
EUVD
EUVDadded 6 days ago6 views

EUVD-2026-33687

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS5.8AI score0.00033EPSS
Exploits0References1
CNNVD
CNNVDadded 6 days ago5 views

WordPress plugin myCred has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00033EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 6 days ago8 views

PT-2026-45463

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS5.8AI score0.00033EPSS
Exploits0References2
Patchstack
Patchstackadded 2026/05/15 7:46 p.m.6 views

WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin myCred versions = 3.0.4...

6.5CVSS5.8AI score0.00033EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/04/24 9:29 p.m.3 views

WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin myCred versions = 3.0.3...

5.1AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVEadded 2026/02/21 1:31 a.m.2 views

CVE-2026-27440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

6.5CVSS5.9AI score0.00045EPSS
Exploits0References1
NVD
NVDadded 2026/02/19 9:18 p.m.2 views

CVE-2026-27440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

6.5CVSS0.00045EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/02/19 8:35 p.m.20 views

CVE-2026-27440 WordPress myCred plugin <= 2.9.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

6.5CVSS0.00045EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/19 8:35 p.m.2 views

CVE-2026-27440 WordPress myCred plugin <= 2.9.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

6.5CVSS5.2AI score0.00045EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/02/19 8:35 p.m.2 views

CVE-2026-27440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred mycred allows Stored XSS.This issue affects myCred: from n/a through 2.9.7.6...

6.5CVSS5.8AI score0.00045EPSS
Exploits0References3
CVE
CVEadded 2026/02/19 8:35 p.m.7 views

CVE-2026-27440

The CVE-2026-27440 entry concerns a Stored XSS in the WordPress plugin myCred (versions up to 2.9.7.6). According to cited sources (NVD/Red Hat/CVE list and Patchstack), the vulnerability arises from improper neutralization of input during web page generation, enabling Cross-Site Scripting. The b...

6.5CVSS5.9AI score0.00045EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/02/19 12:0 a.m.4 views

PT-2026-20936

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

5.5AI score0.00045EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/02/19 12:0 a.m.3 views

WordPress plugin myCred 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00045EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/02/15 1:28 p.m.4 views

CVE-2026-0550

The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycredloadcoupon' shortcode in all versions up to, and including, 2.9.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00043EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/02/14 8:26 a.m.21 views

CVE-2026-0550 myCred <= 2.9.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode

The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycredloadcoupon' shortcode in all versions up to, and including, 2.9.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00043EPSS
Exploits0References2
Rows per page
Query Builder