VYPR

Textp2p Texting Widget

by WordPress

Source repositories

CVEs (1)

  • CVE-2026-4133MedApr 22, 2026
    risk 0.28cvss 4.3epss 0.00

    The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage() function which processes settings updates. The form at line 314 does not…