Exploitation Summary
CVE-2021-24755 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/01419d03-54d6-413d-9a67-64c63c26d741
Scores
CVSS v3
8.8
EPSS
0.0132
EPSS Percentile
67.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2021-11-01
CWE
CWE-89
Status
published
Products (1)
wpexperts/mycred
< 2.3
Published
Nov 29, 2021
Tracked Since
Feb 18, 2026