CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 6 days ago•10 views

CVE-2026-42676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS0.00033EPSS

Vulnrichment•added 6 days ago•5 views

CVE-2026-42676 WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

CVE•added 6 days ago•8 views

CVE-2026-42676

The CVE-2026-42676 entry documents a Stored XSS vulnerability in the WordPress myCred plugin, affecting versions from n/a through 3.0.4. The root cause is improper input neutralization during web page generation, enabling injected scripts to be stored and served in pages. Multiple connected sourc...

Cvelist•added 6 days ago•21 views

CVE-2026-42676 WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

6.5CVSS0.00033EPSS

EUVD•added 6 days ago•6 views

EUVD-2026-33687

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

CNNVD•added 6 days ago•5 views

WordPress plugin myCred has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.6AI score0.00033EPSS

Positive Technologies•added 6 days ago•8 views

PT-2026-45463

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4...

Patchstack•added 2026/05/15 7:46 p.m.•6 views

WordPress myCred plugin <= 3.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin myCred versions = 3.0.4...

Exploits0Affected Software1

Patchstack•added 2026/04/24 9:29 p.m.•3 views

WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin myCred versions = 3.0.3...

5.1AI score

Exploits0Affected Software1

RedhatCVE•added 2026/02/21 1:31 a.m.•2 views

CVE-2026-27440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

6.5CVSS5.9AI score0.00045EPSS

NVD•added 2026/02/19 9:18 p.m.•3 views

CVE-2026-27440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

6.5CVSS0.00045EPSS

Cvelist•added 2026/02/19 8:35 p.m.•20 views

CVE-2026-27440 WordPress myCred plugin <= 2.9.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

6.5CVSS0.00045EPSS

Vulnrichment•added 2026/02/19 8:35 p.m.•2 views

CVE-2026-27440 WordPress myCred plugin <= 2.9.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

6.5CVSS5.2AI score0.00045EPSS

ATTACKERKB•added 2026/02/19 8:35 p.m.•2 views

CVE-2026-27440

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in myCred mycred allows Stored XSS.This issue affects myCred: from n/a through 2.9.7.6...

6.5CVSS5.8AI score0.00045EPSS

Exploits0References3

CVE•added 2026/02/19 8:35 p.m.•8 views

CVE-2026-27440

The CVE-2026-27440 entry concerns a Stored XSS in the WordPress plugin myCred (versions up to 2.9.7.6). According to cited sources (NVD/Red Hat/CVE list and Patchstack), the vulnerability arises from improper neutralization of input during web page generation, enabling Cross-Site Scripting. The b...

6.5CVSS5.9AI score0.00045EPSS

Positive Technologies•added 2026/02/19 12:0 a.m.•4 views

PT-2026-20936

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through = 2.9.7.6...

5.5AI score0.00045EPSS

CNNVD•added 2026/02/19 12:0 a.m.•3 views

WordPress plugin myCred 安全漏洞

6.5CVSS5.8AI score0.00045EPSS

RedhatCVE•added 2026/02/15 1:28 p.m.•4 views

CVE-2026-0550

The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycredloadcoupon' shortcode in all versions up to, and including, 2.9.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00043EPSS

Cvelist•added 2026/02/14 8:26 a.m.•21 views

CVE-2026-0550 myCred <= 2.9.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode

6.4CVSS0.00043EPSS