WP-Safety

myCred – Zapier Integration Security & Risk Analysis

wordpress.org/plugins/mycred-zapier

Boost myCred with myCred Zapier! Automate rewards & connect to 3000+ apps using custom webhooks. Effortless setup to boost productivity.

10 active installs v1.0.9 PHP 7.0+ WP 5.8+ Updated Apr 17, 2025
automationintegrationmycredpoints-systemzapier
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is myCred – Zapier Integration Safe to Use in 2026?

Generally Safe

Score 100/100

myCred – Zapier Integration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago
Risk Assessment

The "mycred-zapier" v1.0.9 plugin presents a significant security risk due to a large attack surface with no authentication or authorization checks on its entry points. All 6 identified REST API routes lack permission callbacks, meaning any authenticated user, regardless of role, could potentially interact with these endpoints. While the code analysis indicates good practices in using prepared statements for SQL queries and a lack of dangerous functions or file operations, the absence of capability checks and nonce verification on these REST API routes is a critical oversight. The vulnerability history shows no past issues, which is positive, but it doesn't mitigate the current high-risk configuration. The plugin's security posture is concerningly weak in its access control mechanisms despite seemingly solid internal coding practices. The lack of output escaping on over half of the identified outputs also introduces a risk of cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • REST API routes without permission callbacks
  • Unprotected AJAX handlers (0 without auth checks)
  • Unescaped output detected
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

myCred – Zapier Integration Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

myCred – Zapier Integration Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
4
5 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

56% escaped9 total outputs
Attack Surface
6 unprotected

myCred – Zapier Integration Attack Surface

Entry Points6
Unprotected6

REST API Routes 6

POST/wp-json/zapier/v1/authincludes\mycred-zapier-api.php:14
POST/wp-json/zapier/v1/earned-logsincludes\mycred-zapier-api.php:19
POST/wp-json/zapier/v1/deducted-logsincludes\mycred-zapier-api.php:24
POST/wp-json/zapier/v1/earned-badgesincludes\mycred-zapier-api.php:29
POST/wp-json/zapier/v1/earned-ranksincludes\mycred-zapier-api.php:34
POST/wp-json/zapier/v1/lost-ranksincludes\mycred-zapier-api.php:39
WordPress Hooks 10
filtermycred_load_modulesincludes\class-mycred-zapier.php:2
actionmycred_rank_promotedincludes\class-mycred-zapier.php:43
actionmycred_rank_demotedincludes\class-mycred-zapier.php:44
actionmycred_after_badge_assignincludes\class-mycred-zapier.php:45
actionmycred_zapier_clean_logsincludes\class-mycred-zapier.php:46
actionadmin_enqueue_scriptsincludes\class-mycred-zapier.php:55
actionrest_api_initincludes\mycred-zapier-api.php:9
actionplugins_loadedmycred-zapier.php:42
actionadmin_noticesmycred-zapier.php:44
actionadmin_noticesmycred-zapier.php:71

Scheduled Events 1

mycred_zapier_clean_logs
Maintenance & Trust

myCred – Zapier Integration Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 17, 2025
PHP min version7.0
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

myCred – Zapier Integration Alternatives

Zapier for WordPress

Zapier for WordPress

zapier

A
98

Zapier saves you time on tedious tasks by moving info between WordPress and your other favorite apps, so you can focus on your most important work.

50K 2 CVEs
Bit integrations – Easy Automator with no-code automation, integrate Webhook and automate 300+ Platform

Bit integrations – Easy Automator with no-code automation, integrate Webhook and automate 300+ Platform

bit-integrations

A
98

Perfect Automation and integration plugin: Connect 300+ platforms and automate CRM, Email marketing tools, Google Sheets, Contact forms, LMS and more

20K 1 CVE
Hookly – Webhook Automator

Hookly – Webhook Automator

hookly-webhook-automator

A
100

Connect WordPress events to external services via webhooks. A lightweight, developer-friendly automation tool.

0 No CVEs
CF7 to Webhook

CF7 to Webhook

cf7-to-zapier

A
100

Use Contact Form 7 as a trigger to any webhook!

30K No CVEs
WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress

WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress

wp-webhooks

A
87

Automate everything & connect your website, plugins and services together with no-code automations. Browse 100+ integrations...

20K 3 CVEs
Developer Profile

myCred – Zapier Integration Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
287 days
View full developer profile
Detection Fingerprints

How We Detect myCred – Zapier Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mycred-zapier/assets/js/zapier-settings-scripts.js
Script Paths
/wp-content/plugins/mycred-zapier/assets/js/zapier-settings-scripts.js
Version Parameters
mycred-zapier/assets/js/zapier-settings-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
mycred-zapier-form-control
Data Attributes
data-nonce
JS Globals
MYCRED_ZAPIER
REST Endpoints
/wp-json/mycredzapier/v1/hook
FAQ

Frequently Asked Questions about myCred – Zapier Integration