myCred
Saad Iqbal
Developer
2.9.7.1
Latest version
10,000
Installations
No date
Last updated
Vulnerability history
0 present
23 fixed
8 Mitigation rules
- Missing Authorization to Unauthenticated Withdrawal Request Approval vulnerability<= 2.9.72 days ago
- Cross Site Scripting (XSS) Vulnerability<= 2.9.4.3Jul 30, 2025
- Race Condition Vulnerability<= 2.9.4.3Jul 30, 2025
- Broken Access Control Vulnerability<= 2.9.4.2Jun 12, 2025
- Broken Access Control Vulnerability<= 2.9.4.2Jun 12, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode vulnerability<= 2.7.5.2Dec 5, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 2.7.4Nov 7, 2024
- Missing Authorization to Unauthenticated Database Upgrade vulnerability<= 2.7.3Sep 25, 2024
- PHP Object Injection vulnerability<= 2.7.2Aug 16, 2024
- Cross Site Scripting (XSS) vulnerability<= 2.7.2Aug 16, 2024
- Sensitive Data Exposure vulnerability<= 2.7.2Aug 9, 2024
- Cross Site Scripting (XSS) vulnerability<= 2.6.3Apr 22, 2024
- Cross Site Scripting (XSS) vulnerability<= 2.6.1Nov 20, 2023
- Reflected Cross Site Scripting (XSS) vulnerability< 2.5.3Jul 18, 2023
- Cross Site Request Forgery (CSRF)<= 2.5Jun 15, 2023
- User E-mail Addresses Disclosure vulnerability<= 2.4.4Apr 4, 2022
- Arbitrary Post Creation vulnerability<= 2.4.3Mar 29, 2022
- Import/Export to Email Address Disclosure vulnerability<= 2.4.3Mar 29, 2022
- Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability<= 2.4.3Feb 28, 2022
- Sensitive Information Disclosure vulnerability<= 2.4.3Feb 28, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 2.3.2Dec 27, 2021
- SQL Injection (SQLi) vulnerability<= 2.2Nov 1, 2021
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.7.7Apr 20, 2017