Medium severity6.1NVD Advisory· Published Jan 23, 2026· Updated Apr 9, 2026
CVE-2018-25132
CVE-2018-25132
Description
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:mybb:trending_widget:1.2:*:*:*:*:mybb:*:*+ 1 more
- cpe:2.3:a:mybb:trending_widget:1.2:*:*:*:*:mybb:*:*
- (no CPE)range: =1.2
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/49504nvdExploitVDB Entry
- www.vulncheck.com/advisories/mybb-trending-widget-plugin-cross-site-scriptingnvdThird Party Advisory
News mentions
0No linked articles in our index yet.