Vulnerabilities > CVE-2021-24755 - Unspecified vulnerability in Mycred

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mycred

NVD

Published: 2021-11-29

Updated: 2024-11-21

Summary

The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user

Vulnerable Configurations

Part	Description	Count
Application	Mycred Mycred Mycred - Mycred Mycred 2.0 Mycred Mycred 2.0.1 Mycred Mycred 2.0.2 Mycred Mycred 2.1 Mycred Mycred 2.1.0.1 Mycred Mycred 2.1.0.2 Mycred Mycred 2.1.0.3 Mycred Mycred 2.1.1 Mycred Mycred 2.2	10

References

https://wpscan.com/vulnerability/01419d03-54d6-413d-9a67-64c63c26d741
https://wpscan.com/vulnerability/01419d03-54d6-413d-9a67-64c63c26d741