myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin, CVE-2026-27440
- CVE, Research URL
- Home page URL
- Published on
- Feb 20, 2026
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through <= 2.9.7.6.
- Affected versions
-
max 2.9.7.6.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| Remove Duplicate Posts (1f5faa66dc6d492718ce5db9c3895b5840416340) , Jun 07, 2024 |
| Remove Duplicate Posts (CVE-2023-29237) , Jun 10, 2024 |