myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin, a23d8aef53d075db44275b5f2c7b5c60d4ece670

CVE, Research URL: a23d8aef53d075db44275b5f2c7b5c60d4ece670
Home page URL: Security reports for myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Application: myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin
Published on: Jun 16, 2022
Research Description: Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred [mycred] < 2.4.7 myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.6.1 - Cross-Site Scripting The myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 2.4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 2.4.7.
Status: vulnerable

myCred &#8211; Points, Rewards, Gamification, Ranks, Badges &amp; Loyalty Plugin, a23d8aef53d075db44275b5f2c7b5c60d4ece670