cleantalk
Vulnerabilities and Security Researches

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin, CVE-2026-42676

CVE, Research URL

CVE-2026-42676

Home page URL

Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin

Application

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin

Published on
Jun 01, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS. This issue affects myCred: from n/a through 3.0.4.
Affected versions
max 3.0.5.
Status
vulnerable
Previous vulnerability researches
myCred Elementor (CVE-2024-49702) , Oct 25, 2024
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2023-33999) , Jun 13, 2026
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2024-43214) , Aug 13, 2024
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-8607) , Jun 18, 2026
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-42676) , May 22, 2026
New vulnerability
ABC Crypto Checkout (CVE-2026-52695) , Jun 18, 2026
WordPress File Sharing Plugin (CVE-2026-10093) , Jun 18, 2026
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2026-54190) , Jun 18, 2026
WooCommerce POS (CVE-2026-52711) , Jun 18, 2026
GetGenie – Ai Content Writer with Keyword Research and Competitor Analysis (CVE-2026-54197) , Jun 18, 2026