cleantalk
Vulnerabilities and Security Researches

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin, CVE-2017-20008

CVE, Research URL

CVE-2017-20008

Home page URL

Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin

Application

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin

Published on
Nov 29, 2021
Research Description
The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting
Affected versions
Min -, max 2.4.3.1.
Status
vulnerable
Previous vulnerability researches
myCred Elementor (CVE-2024-49702) , Oct 25, 2024
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2024-43214) , Aug 13, 2024
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2025-49857) , Jun 19, 2025
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2025-49872) , Jun 19, 2025
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2024-8658) , Sep 26, 2024
New vulnerability
Pixabay Images (CVE-2025-4413) , Jun 20, 2025
Meks Flexible Shortcodes (CVE-2025-49855) , Jun 20, 2025
CSV Me (CVE-2025-6086) , Jun 20, 2025
Ultimate Addons for Contact Form 7 (CVE-2025-6220) , Jun 19, 2025
Ebook Store (CVE-2025-49862) , Jun 19, 2025