Overview
- Description
- The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source
- security@wordfence.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security@wordfence.com
- CWE-79
Social media
- Hype score
- Not currently trending
🚨 CVE-2024-10187 (Published: 2024-11-08) - A high-severity vulnerability in myCred plugin for WordPress affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. Stay secure! 🔒 More info: https://t.co/vTvosFAhSS #WordPress… https:
@transilienceai
11 Nov 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10187 (Published: 2024-11-08) - A high-severity vulnerability in the myCred plugin for WordPress affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details, visit: https://t.co/vTvosFAhSS #WordPress… http
@transilienceai
11 Nov 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10187 (Published: 2024-11-08) - A high-severity vulnerability in myCred plugin affects versions prior to the latest update. Users are urged to upgrade to the patched version immediately to mitigate risks. Stay secure! 🔒 More info: https://t.co/o7WpGgwboB #WordPress…
@transilienceai
11 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10187 (Published: 2024-11-08) - A high-severity vulnerability in myCred plugin affects versions prior to the latest update. Users are urged to upgrade to the patched version immediately to mitigate risks. Stay secure! 🔒 More info: https://t.co/o7WpGgwboB #WordPress…
@transilienceai
11 Nov 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10187 (Published: 2024-11-08) - A high-severity vulnerability in myCred plugin affects versions prior to the latest update. Users are urged to upgrade to the patched version immediately to mitigate risks. Stay secure! 🔒 More info: https://t.co/o7WpGgwboB #WordPress…
@transilienceai
11 Nov 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10187 Stored XSS Vulnerability in myCred Plugin Allows Arbitrary Script Injection The myCred plugin for WordPress, used for Loyalty Points and Rewards, has a Stored Cross-Site Scripting (XSS) issue. This... https://t.co/bGO2e3VS01
@VulmonFeeds
8 Nov 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10187 The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for … https://t.co/ArLeB6yFaZ
@CVEnew
8 Nov 2024
428 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mycred:mycred:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "0F83CAEC-2830-4C7D-9542-8863E62E1695",
"versionEndExcluding": "2.7.5"
}
],
"operator": "OR"
}
]
}
]