CVE-2021-24755

HIGH EXPLOITED

myCred WordPress <2.3 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-24755 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/01419d03-54d6-413d-9a67-64c63c26d741

Scores

CVSS v3 8.8
EPSS 0.0132
EPSS Percentile 67.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-11-01
CWE
CWE-89
Status published
Products (1)
wpexperts/mycred < 2.3
Published Nov 29, 2021
Tracked Since Feb 18, 2026