Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred

Vulnerabilities 33Slug mycredLatest version 3.0.6WordPress.org →

Minimum safe version

3.0.4

Update to 3.0.4 or later to address 33 fixable vulnerabilities

Latest available3.0.6
N/A
2026-04-24< 3.0.4

Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred <= 3.0.3 - Missing Authorization

WordfenceCVE
N/A
2026-02-13< 2.9.7.4

myCred <= 2.9.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'mycred_load_coupon' Shortcode

WordfenceCVE
Medium 4.3
2026-02-06< 2.9.7.4

myCred <= 2.9.7.3 - Missing Authorization

WordfenceCVE
Medium 4.3
2025-12-19< 2.9.7.2

CVE-2025-12361

CVEWordfence
Medium 6.3
2024-10-16< 2.4.3.1

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE
N/A
< 2.4.4

myCred &lt; 2.4.4 - Reflected Cross-Site Scripting

WPScan
N/A
2023-07-18< 2.5.3

WordPress myCred Plugin < 2.5.3 is vulnerable to Cross Site Scripting (XSS)

PatchstackWPScanCVE
N/A
2023-06-14< 2.5.1

myCred <= 2.5 - Cross-Site Request Forgery

Wordfence
N/A
2022-03-04< 2.4.3.1

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence
N/A
2022-06-16< 2.4.7

myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.6.1 - Cross-Site Scripting

Wordfence
N/A
2022-02-28< 2.4.3.1

WordPress myCred plugin <= 2.4.3 - Sensitive Information Disclosure vulnerability

Patchstack
N/A
2022-02-28< 2.4.3.1

WordPress myCred plugin <= 2.4.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack