PT-2025-51087 · WordPress · Mycred

Rafshanzani Suhada · Published 2025-12-13 · Updated 2025-12-13 · CVE-2025-12362

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress versions through 2.9.7

Description: The software does not properly verify user authorization, allowing unauthenticated attackers to perform actions without proper access. Specifically, attackers can approve withdrawal requests, modify user point balances, and manipulate the payment processing system. This is achieved through the cashcred pay now API endpoint.

Recommendations: Update to version 2.9.7.1 or later.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2025-12362

Affected Products: Mycred