Vulnerabilities > Mycred

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-29	CVE-2017-20008	Cross-site Scripting vulnerability in Mycred The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting network low complexity mycred CWE-79	6.1
2021-11-29	CVE-2021-24755	SQL Injection vulnerability in Mycred The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user network low complexity mycred CWE-89	8.8

Vulnerabilities > Mycred {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Mycred"}]}