| CVE-2026-1929 | Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter | mihail-barinov | Advanced Woo Labels – Product Labels & Badges for WooCommerce | High | 8.8 | 2026-02-25 08:25:32 | Deep Dive |
| CVE-2026-0550 | myCred <= 2.9.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 6.4 | 2026-02-14 08:26:48 | Deep Dive |
| CVE-2025-13812 | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | Medium | 4.3 | 2026-01-06 07:22:13 | Deep Dive |
| CVE-2025-12361 | myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7.1 - Missing Authorization to Sensitive Information Exposure | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 4.3 | 2025-12-19 09:29:48 | Deep Dive |
| CVE-2025-12362 | myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request Approval | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 5.3 | 2025-12-13 05:42:41 | Deep Dive |
| CVE-2024-13909 | Accredible Certificates & Open Badges <= 1.4.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter | accredible | Accredible Certificates & Open Badges | Medium | 4.9 | 2025-04-10 07:02:41 | Deep Dive |
| CVE-2025-31804 | WordPress Follow Us Badges plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability | DraftPress Team | Follow Us Badges | Medium | 6.5 | 2025-04-01 14:51:36 | Deep Dive |
| CVE-2024-12109 | Product Labels For Woocommerce < 1.5.9 - Admin+ SQLi | Unknown | Product Labels For Woocommerce (Sale Badges) | Medium | - | 2025-03-25 06:00:11 | Deep Dive |
| CVE-2024-10638 | Product Labels For Woocommerce < 1.5.11 - Admin+ SQLi | Unknown | Product Labels For Woocommerce (Sale Badges) | Medium | - | 2025-03-25 06:00:09 | Deep Dive |
| CVE-2025-23949 | WordPress Improved Sale Badges – Free Version Plugin <= 1.0.1 - Local File Inclusion vulnerability | dzeriho | Improved Sale Badges – Free Version | High | 8.1 | 2025-01-22 14:29:25 | Deep Dive |
| CVE-2024-13496 | GamiPress <= 7.3.1 - Unauthenticated SQL Injection via orderby Parameter | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.5 | 2025-01-22 11:07:59 | Deep Dive |
| CVE-2024-13499 | GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.3 | 2025-01-22 11:07:58 | Deep Dive |
| CVE-2024-13495 | GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.3 | 2025-01-22 11:07:57 | Deep Dive |
| CVE-2024-11201 | myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 6.4 | 2024-12-06 05:26:14 | Deep Dive |
| CVE-2024-11036 | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings | rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | High | 7.3 | 2024-11-19 11:02:29 | Deep Dive |
| CVE-2024-10187 | myCred <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_link Shortcode | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 6.4 | 2024-11-08 09:29:34 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-47180 | Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges | badges | shields | High | 8.8 | 2024-09-26 19:21:05 | Deep Dive |
| CVE-2024-8658 | myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 5.3 | 2024-09-25 05:32:10 | Deep Dive |
| CVE-2024-3280 | Follow Us Badges <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode | draftpress | Follow Us Badges | Medium | 6.4 | 2024-05-02 07:34:30 | Deep Dive |