VYPR

Word 2 Cash

by Word 2 Cash

CVEs (1)

  • CVE-2026-6395MedMay 20, 2026
    risk 0.40cvss 6.1epss 0.00

    The Word 2 Cash plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in versions up to and including 0.9.2. This is due to the complete absence of nonce verification on the settings save handler in the w2c_admin() function,…