cleantalk
Vulnerabilities and Security Researches

MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more, CVE-2025-24757

CVE, Research URL

CVE-2025-24757

Home page URL

Security reports for MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more

Application

MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more

Published on
Jul 04, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Long Watch Studio MyRewards allows Stored XSS. This issue affects MyRewards: from n/a through 5.4.13.1.
Affected versions
Min -, max 5.4.14.
Status
vulnerable
Previous vulnerability researches
qTranslate X Cleanup and WPML Import (CVE-2023-29431) , Jun 10, 2024
qTranslate X Cleanup and WPML Import (3c61cc8784ba3fb4275d8a966376f27f2f15796d) , Jun 06, 2024
New vulnerability
fluXtore Funnel Builder for WordPress – Earn More with Highly Converting Sales Funnels (CVE-2025-30929) , Jul 07, 2025
WC Pickup Store (CVE-2025-47634) , Jul 07, 2025
MF Plus WPML (CVE-2025-49431) , Jul 07, 2025
Cool fade popup (CVE-2025-30947) , Jul 07, 2025
MyRewards – Loyalty Points and Rewards for WooCommerce – Reward orders, referrals, product reviews and more (CVE-2025-24757) , Jul 06, 2025