Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 26 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-27440 WordPress myCred plugin <= 2.9.7.6 - Cross Site Scripting (XSS) vulnerability Saad IqbalmyCred--2026-02-19 20:35:43 Deep Dive
CVE-2026-0550 myCred <= 2.9.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode saadiqbalPoints Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred Medium 6.4 2026-02-14 08:26:48 Deep Dive
CVE-2026-24951 WordPress myCred plugin <= 2.9.7.3 - Broken Access Control vulnerability Saad IqbalmyCred--2026-02-03 14:08:34 Deep Dive
CVE-2025-12361 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7.1 - Missing Authorization to Sensitive Information Exposure saadiqbalPoints Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred Medium 4.3 2025-12-19 09:29:48 Deep Dive
CVE-2025-12362 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request Approval saadiqbalPoints Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred Medium 5.3 2025-12-13 05:42:41 Deep Dive
CVE-2025-54668 WordPress myCred plugin <= 2.9.4.3 - Cross Site Scripting (XSS) Vulnerability Saad IqbalmyCred Medium 6.5 2025-08-14 10:34:38 Deep Dive
CVE-2025-54667 WordPress myCred plugin <= 2.9.4.3 - Race Condition Vulnerability Saad IqbalmyCred Medium 5.3 2025-08-14 10:34:38 Deep Dive
CVE-2025-49857 WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability Saad IqbalmyCred Medium 4.3 2025-06-17 15:01:21 Deep Dive
CVE-2025-49872 WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability Saad IqbalmyCred Medium 5.3 2025-06-17 15:01:16 Deep Dive
CVE-2024-11201 myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode saadiqbalPoints Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred Medium 6.4 2024-12-06 05:26:14 Deep Dive
CVE-2024-10187 myCred <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_link Shortcode saadiqbalPoints Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred Medium 6.4 2024-11-08 09:29:34 Deep Dive
CVE-2024-49702 WordPress myCred Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability Saad IqbalmyCred Elementor Medium 6.5 2024-10-24 12:28:26 Deep Dive
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks dashlabsltdYASR – Yet Another Star Rating Plugin for WordPress Medium 6.3 2024-10-16 06:43:30 Deep Dive
CVE-2024-8658 myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade saadiqbalPoints Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred Medium 5.3 2024-09-25 05:32:10 Deep Dive
CVE-2024-43214 WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure vulnerability Saad IqbalmyCred Medium 5.3 2024-08-26 20:21:59 Deep Dive
CVE-2024-43354 WordPress myCred plugin <= 2.7.2 - PHP Object Injection vulnerability Saad IqbalmyCred--2024-08-19 19:30:06 Deep Dive
CVE-2024-43353 WordPress myCred plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability Saad IqbalmyCred Medium 6.5 2024-08-18 13:02:54 Deep Dive
CVE-2024-32711 WordPress myCred plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability Saad IqbalmyCred Medium 6.5 2024-04-24 10:11:06 Deep Dive
CVE-2023-47853 WordPress myCred Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS) myCredmyCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin Medium 6.5 2023-11-30 16:49:12 Deep Dive
CVE-2023-35096 WordPress myCred Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) myCredmyCred Medium 5.4 2023-07-17 13:35:22 Deep Dive