cleantalk
Vulnerabilities and Security Researches

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin, 9293961e-9678-4d25-ad20-59ae79dc5c43

CVE, Research URL

9293961e-9678-4d25-ad20-59ae79dc5c43

Home page URL

Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin

Application

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin

Published on
-
Research Description
Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program &#8211; myCred [mycred] < 2.4.4 myCred &lt; 2.4.4 - Reflected Cross-Site Scripting The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting
Affected versions
max 2.4.4.
Status
vulnerable
Previous vulnerability researches
myCred Elementor (CVE-2024-49702) , Oct 25, 2024
myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin (CVE-2023-33999) , Jun 13, 2026
myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin (CVE-2024-43214) , Aug 13, 2024
myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin (CVE-2026-8607) , Jun 18, 2026
myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin (CVE-2026-42676) , May 22, 2026
New vulnerability
ABC Crypto Checkout (CVE-2026-52695) , Jun 18, 2026
WordPress File Sharing Plugin (CVE-2026-10093) , Jun 18, 2026
Gallery Plugin for WordPress &#8211; Envira Photo Gallery (CVE-2026-54190) , Jun 18, 2026
WooCommerce POS (CVE-2026-52711) , Jun 18, 2026
GetGenie – Ai Content Writer with Keyword Research and Competitor Analysis (CVE-2026-54197) , Jun 18, 2026