CVE-2026-42676NVD

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS.

This issue affects myCred: from n/a through 3.0.4.

Severity Level

MEDIUM (6.5)

Published Date

01/06/2026

Last Modified

01/06/2026

Exploitation Status

????

References

https://patchstack.com/database/wordpress/plugin/mycred/vulnerability/wordpress-mycred-plugin-3-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve