Vulnerabilities and security researches formycred mycred

Direction: descending

Jun 19, 2025

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2025-49857

CVE, Research URL: CVE-2025-49857
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Jun 17, 2025
Research Description: Missing Authorization vulnerability in WPExperts.io myCred allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects myCred: from n/a through 2.9.4.2.
Affected versions: Min -, max -.
Status: vulnerable

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2025-49872

CVE, Research URL: CVE-2025-49872
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Jun 17, 2025
Research Description: Missing Authorization vulnerability in WPExperts.io myCred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through 2.9.4.2.
Affected versions: Min -, max -.
Status: vulnerable

May 07, 2025

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2022-4974

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Dec 07, 2024

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-11201

CVE, Research URL: CVE-2024-11201
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Dec 06, 2024
Research Description: The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Nov 09, 2024

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-10187

CVE, Research URL: CVE-2024-10187
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Nov 08, 2024
Research Description: The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Sep 26, 2024

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-8658

CVE, Research URL: CVE-2024-8658
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Sep 25, 2024
Research Description: The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mycred_update_database() function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to upgrade an out of date database.
Affected versions: Min -, max -.
Status: vulnerable

Aug 20, 2024

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-43354

CVE, Research URL: CVE-2024-43354
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Aug 20, 2024
Research Description: Deserialization of Untrusted Data vulnerability in myCred allows Object Injection.This issue affects myCred: from n/a through 2.7.2.
Affected versions: Min -, max -.
Status: vulnerable

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-43353

CVE, Research URL: CVE-2024-43353
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Aug 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.7.2.
Affected versions: Min -, max -.
Status: vulnerable

Aug 13, 2024

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-43214

CVE, Research URL: CVE-2024-43214
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Aug 27, 2024
Research Description: Missing Authorization vulnerability in myCred.This issue affects myCred: from n/a through 2.7.2.
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2024

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2022-1092

CVE, Research URL: CVE-2022-1092
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Apr 25, 2022
Research Description: The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and and retrieve the list of email address present in the blog
Affected versions: Min -, max -.
Status: vulnerable

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2021-25015

CVE, Research URL: CVE-2021-25015
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Jan 24, 2022
Research Description: The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue
Affected versions: Min -, max -.
Status: vulnerable

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2023-35096

CVE, Research URL: CVE-2023-35096
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Jul 17, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.
Affected versions: Min -, max -.
Status: vulnerable

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2022-0287

CVE, Research URL: CVE-2022-0287
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Apr 25, 2022
Research Description: The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog
Affected versions: Min -, max -.
Status: vulnerable

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2021-24755

CVE, Research URL: CVE-2021-24755
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Nov 29, 2021
Research Description: The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
Affected versions: Min -, max -.
Status: vulnerable

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2017-20008

CVE, Research URL: CVE-2017-20008
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Nov 29, 2021
Research Description: The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting
Affected versions: Min -, max -.
Status: vulnerable

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2022-0363

CVE, Research URL: CVE-2022-0363
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Apr 25, 2022
Research Description: The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts.
Affected versions: Min -, max -.
Status: vulnerable

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2023-47853

CVE, Research URL: CVE-2023-47853
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Nov 30, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1.
Affected versions: Min -, max -.
Status: vulnerable

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-32711

CVE, Research URL: CVE-2024-32711
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Date: Apr 24, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.6.3.
Affected versions: Min -, max -.
Status: vulnerable

Vulnerabilities and security researches formycred mycred

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2025-49857

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2025-49872

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2022-4974

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2024-11201

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2024-10187

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2024-8658

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2024-43354

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2024-43353

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2024-43214

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2022-1092

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2021-25015

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2023-35096

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2022-0287

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2021-24755

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2017-20008

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2022-0363

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2023-47853

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin # CVE-2024-32711

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2025-49857

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2025-49872

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2022-4974

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-11201

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-10187

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-8658

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-43354

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-43353

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-43214

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2022-1092

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2021-25015

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2023-35096

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2022-0287

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2021-24755

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2017-20008

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2022-0363

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2023-47853

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin # CVE-2024-32711