cleantalk
Vulnerabilities and Security Researches

MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more, CVE-2025-24757

CVE, Research URL

CVE-2025-24757

Home page URL

Security reports for MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more

Application

MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more

Published on
Jul 04, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Long Watch Studio MyRewards allows Stored XSS. This issue affects MyRewards: from n/a through 5.4.13.1.
Affected versions
Min -, max 5.4.14.
Status
vulnerable
Previous vulnerability researches
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder (CVE-2024-50477) , Oct 29, 2024
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder (CVE-2024-50528) , Nov 03, 2024
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder (CVE-2024-50527) , Nov 03, 2024
App Builder – Create Native Android & iOS Apps On The Flight (CVE-2024-9302) , Oct 26, 2024
App Builder – Create Native Android & iOS Apps On The Flight (CVE-2024-7651) , Aug 22, 2024
New vulnerability
MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more (CVE-2025-24757) , Jul 06, 2025
File Manager (CVE-2025-27358) , Jul 06, 2025
Booking Calendar Contact Form (CVE-2025-48231) , Jul 06, 2025
NGG Smart Image Search (CVE-2025-52832) , Jul 05, 2025
(Simply) Guest Author Name (CVE-2025-24764) , Jul 05, 2025