Unauthorized Data Modification Vulnerability in myCred Plugin
CVE-2024-8658
5.3 MEDIUM
What is CVE-2024-8658?
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce has a significant vulnerability that allows unauthorized modification of data. This issue arises from a missing capability check in the mycred_update_database() function, affecting all versions up to and including 2.7.3. As a result, unauthenticated attackers could exploit this flaw to carry out unauthorized database upgrades, posing a risk to the integrity of the site's data. Website owners using this plugin should review their security measures to mitigate potential attacks and limit exposure to this vulnerability.
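The general shape of the fix for a missing capability check, shown as an added example that is not myCred's code: a privileged upgrade routine authorizes the caller and verifies a nonce before it changes anything. Every `example_` function, the `example_db_upgrade` action, the `example_nonce` field, the option key and the table are hypothetical; the WordPress calls used are core APIs.

```php
<?php
// Added illustration: hypothetical plugin code, not taken from myCred.
define( 'EXAMPLE_DB_VERSION', '1.2' );

// Before: no authorization check, so any request that reaches this
// function can start the upgrade.
function example_update_database_unchecked() {
    example_run_schema_upgrade();
}

// After: authorize the caller, verify intent, then act.
function example_update_database() {
    // Capability check: only administrators may change the schema.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Nonce check: the request must come from the plugin's own admin form.
    check_admin_referer( 'example_db_upgrade', 'example_nonce' );

    $changed = example_run_schema_upgrade();
    wp_safe_redirect( add_query_arg( 'upgraded', $changed ? '1' : '0', admin_url( 'plugins.php' ) ) );
    exit;
}
// admin_post_{action} fires for logged-in users only; no nopriv hook is registered.
add_action( 'admin_post_example_db_upgrade', 'example_update_database' );

// Idempotent upgrade: does nothing once the stored version is current.
function example_run_schema_upgrade() {
    global $wpdb;
    if ( version_compare( get_option( 'example_db_version', '0' ), EXAMPLE_DB_VERSION, '>=' ) ) {
        return false;
    }
    require_once ABSPATH . 'wp-admin/includes/upgrade.php';
    dbDelta(
        "CREATE TABLE {$wpdb->prefix}example_log (
            id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
            entry text NOT NULL,
            PRIMARY KEY  (id)
        ) {$wpdb->get_charset_collate()};"
    );
    update_option( 'example_db_version', EXAMPLE_DB_VERSION );
    return true;
}
```

The capability check and the nonce check answer different questions: the first establishes who is calling, the second that the call was deliberate, so a privileged routine needs both.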