myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin, CVE-2026-24951
- CVE, Research URL
- Home page URL
- Published on
- Feb 03, 2026
- Research Description
- Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.7.3.
- Affected versions
-
max 2.9.7.3.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| Endless Posts Navigation (CVE-2026-25332) , Feb 27, 2026 |
| Endless Posts Navigation (CVE-2024-49629) , Oct 22, 2024 |