Access Control Flaw in myCred Plugin by Saad Iqbal
CVE-2026-61968

5.4MEDIUM

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-61968?

The myCred plugin developed by Saad Iqbal has a missing authorization vulnerability that allows for exploitation due to incorrectly configured access control security levels. This vulnerability can enable unauthorized users to gain access to restricted resources, potentially compromising the integrity of the site. Affected versions include all up to 3.1.2, making it critical for users to implement the latest updates and security measures to safeguard their WordPress installations.

Affected Version(s)

myCred 0 <= 3.1.2

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Riyas M S | Patchstack Bug Bounty Program
.