Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-54ut-8m7y-k3h1
SummaryThe myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information including user IDs, display names, and email addresses of all users on the site via the get_bank_accounts AJAX action. Passwords are not exposed.
Aliases
0
alias CVE-2025-12361
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12361
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10377
published_at 2026-06-13T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10353
published_at 2026-06-14T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10372
published_at 2026-06-12T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.1032
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12361
1
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/43b05697-bc36-4f32-86b4-2feef892fe42?source=cve
reference_id 43b05697-bc36-4f32-86b4-2feef892fe42?source=cve
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T15:33:34Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/43b05697-bc36-4f32-86b4-2feef892fe42?source=cve
2
reference_url https://plugins.trac.wordpress.org/browser/mycred/tags/2.9.5.1/addons/banking/services/mycred-service-central.php#L172
reference_id mycred-service-central.php#L172
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T15:33:34Z/
url https://plugins.trac.wordpress.org/browser/mycred/tags/2.9.5.1/addons/banking/services/mycred-service-central.php#L172
3
reference_url https://plugins.trac.wordpress.org/changeset/3421768/mycred/trunk?contextall=1&old=3417299&old_path=%2Fmycred%2Ftrunk
reference_id trunk?contextall=1&old=3417299&old_path=%2Fmycred%2Ftrunk
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-19T15:33:34Z/
url https://plugins.trac.wordpress.org/changeset/3421768/mycred/trunk?contextall=1&old=3417299&old_path=%2Fmycred%2Ftrunk
Weaknesses
0
cwe_id 862
name Missing Authorization
description The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Exploits
Severity_range_score4.3 - 4.3
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-54ut-8m7y-k3h1