Unauthorized Data Modification Vulnerability in myCred Plugin

CVE-2024-8658

What is CVE-2024-8658?

The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce has a significant vulnerability that allows unauthorized modification of data. This issue arises from a missing capability check in the mycred_update_database() function, affecting all versions up to and including 2.7.3. As a result, unauthenticated attackers could exploit this flaw to carry out unauthorized database upgrades, posing a risk to the integrity of the site's data. Website owners using this plugin should review their security measures to mitigate potential attacks and limit exposure to this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References