myCred — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in myCred, with AI-generated Chinese analysis, references, and POCs.

Vendor: Unknown

CVE ID	Title	CVSS	Severity	Published
CVE-2026-27440	WordPress myCred plugin <= 2.9.7.6 - Cross Site Scripting (XSS) vulnerability CWE-79	5.4^AI	Medium^AI	2026-02-19
CVE-2026-24951	WordPress myCred plugin <= 2.9.7.3 - Broken Access Control vulnerability CWE-862	8.2^AI	High^AI	2026-02-03
CVE-2025-54667	WordPress myCred plugin <= 2.9.4.3 - Race Condition Vulnerability CWE-367	5.3	Medium	2025-08-14
CVE-2025-54668	WordPress myCred plugin <= 2.9.4.3 - Cross Site Scripting (XSS) Vulnerability CWE-79	6.5	Medium	2025-08-14
CVE-2025-49857	WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability CWE-862	4.3	Medium	2025-06-17
CVE-2025-49872	WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability CWE-862	5.3	Medium	2025-06-17
CVE-2024-43214	WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure vulnerability CWE-862	5.3	Medium	2024-08-26
CVE-2024-43354	WordPress myCred plugin <= 2.7.2 - PHP Object Injection vulnerability CWE-502	9.8^AI	Critical^AI	2024-08-19
CVE-2024-43353	WordPress myCred plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability CWE-79	6.5	Medium	2024-08-18
CVE-2024-32711	WordPress myCred plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability CWE-79	6.5	Medium	2024-04-24
CVE-2023-35096	WordPress myCred Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352	5.4	Medium	2023-07-17
CVE-2022-1092	myCred < 2.4.4 - Subscriber+ Import/Export to Email Address Disclosure	4.3	-	2022-04-25
CVE-2022-0363	myCred < 2.4.4 - Subscriber+ Arbitrary Post Creation	4.3	-	2022-04-25
CVE-2022-0287	Mycred < 2.4.4.1 - Subscriber+ User E-mail Addresses Disclosure	4.3	-	2022-04-25

All 14 known CVE vulnerabilities affecting myCred with full Chinese analysis, references, and POCs where available.