Does myCred LearnDash Points Importer have any unpatched vulnerabilities?

No. All known vulnerabilities in myCred LearnDash Points Importer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is myCred LearnDash Points Importer compatible with WordPress 6.8.5?

According to WordPress.org data, myCred LearnDash Points Importer 1.1.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is myCred LearnDash Points Importer updated?

myCred LearnDash Points Importer was last updated on Apr 17, 2025. Frequent updates are generally a positive security signal.

What is myCred LearnDash Points Importer's security score?

myCred LearnDash Points Importer has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

myCred LearnDash Points Importer Security & Risk Analysis

wordpress.org/plugins/mycred-learndash-points-importer

📢🚨 Important Notice: myCred LearnDash Points Importer is now part of the myCred Toolkit and will no longer receive updates here.

10 active installs v1.1.7 PHP + WP 4.8+ Updated Apr 17, 2025

gamificationlearndashlmsmycredpoints

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is myCred LearnDash Points Importer Safe to Use in 2026?

Generally Safe

Score 100/100

myCred LearnDash Points Importer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The plugin "mycred-learndash-points-importer" version 1.1.7 exhibits a concerning security posture primarily due to a significant lack of security checks on its single exposed entry point.

The static analysis reveals that the plugin has one AJAX handler that does not include any authentication checks. This is a major vulnerability, as it allows any user, including unauthenticated ones, to potentially interact with this handler. The absence of nonce checks and capability checks further exacerbates this issue, leaving the plugin vulnerable to various attacks, such as Cross-Site Request Forgery (CSRF) and unauthorized data manipulation.

While the plugin demonstrates good practices in output escaping and has no file operations or external HTTP requests, and crucially, has no recorded historical vulnerabilities, these strengths are overshadowed by the critical flaw in its AJAX handler. The lack of taint analysis flows is likely a consequence of the limited attack surface, but the absence of protective measures on that surface is a significant weakness. Until the unprotected AJAX handler is secured with appropriate authentication and capability checks, the plugin remains at high risk.

Key Concerns

Unprotected AJAX handler
Missing nonce checks
Missing capability checks
Raw SQL queries without prepare

Vulnerabilities

None known

myCred LearnDash Points Importer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

myCred LearnDash Points Importer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

100% escaped10 total outputs

Attack Surface

1 unprotected

myCred LearnDash Points Importer Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_mycred_learndash_points_importer_importmycred-learndash-points-importer.php:78

WordPress Hooks 4

actionadmin_noticesmycred-learndash-points-importer.php:28

actionadmin_enqueue_scriptsmycred-learndash-points-importer.php:75

actionadmin_noticesmycred-learndash-points-importer.php:76

actionmycred_after_core_prefsmycred-learndash-points-importer.php:77

Maintenance & Trust

myCred LearnDash Points Importer Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 17, 2025

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

myCred LearnDash Points Importer Alternatives

WPLMS MyCred AddOn

wplms-mycred-addon

Connect WP LMS with MyCred platform

900 No CVEs

myCred – Learndash

mycred-learndash

100

📢 Important Notice: myCred Learndash is now part of the myCred Toolkit and will no longer receive updates here. Only security fixes will be provided.

200 No CVEs

myCred Tutor LMS – Gamification in eLearning

mycred-tutor-lms-gamification-in-elearning

100

Connect mycred with Tutor LMS

100 No CVEs

GamiPress – myCRED Importer

gamipress-mycred-importer

100

Tool to migrate all stored data from myCRED to GamiPress

10 No CVEs

myCred – GamiPress Importer

mycred-gamipress-importer

100

myCred GamiPress Importer helps you to transfer GamiPress achievements into myCred

10 No CVEs

Developer Profile

myCred LearnDash Points Importer Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

trust score

Avg Security Score

96/100

Avg Patch Time

287 days

View full developer profile

Detection Fingerprints

How We Detect myCred LearnDash Points Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mycred-learndash-points-importer/assets/js/custom.js/wp-content/plugins/mycred-learndash-points-importer/assets/css/style.css

Version Parameters

mycred-learndash-points-importer/assets/js/custom.js?ver=mycred-learndash-points-importer/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

mycred-ui-accordionmycred-ui-accordion-headermycred-ui-accordion-header-titlemycred-ui-accordion-header-iconmycred-ui-accordion-header-actionsmycred-ui-toggle-indicatormycred-ui-accordion-bodymycred_learndash_label+5 more

Data Attributes

id="mycred_learndash_points_importer_points_type"id="mycred_learndash_points_importer_workflow"id="mycred_learndash_points_importer_run"

FAQ