CVE-2026-4133

The TextP2P Texting Widget WordPress plugin (versions ≤ 1.7) is vulnerable to Cross-Site Request Forgery due to missing nonce validation in imTextP2POptionPage(). The settings form (line 314) lacks wp_nonce_field(), and the POST handler (line 7) does not call check_admin_referer() or wp_verify_no...

CVE-2024-8200

The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'updateapikey'...