MEDIUM
myCred
CVE published 2026-06-01
CVE-2026-42676
A stored cross-site scripting (XSS) vulnerability exists in the myCred WordPress plugin, affecting versions up to and including 3.0.4. The weakness stems from improper neutralization of input during web page generation (CWE-79), allowing an attacker with low privileges to inject and persist malicious scripts that execute in the context of other users' browsers. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C [truncated]