CVE-2018-25132

MEDIUM

MyBB Trending Widget Plugin 1.2 - XSS

Title source: llm

Description

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.

Exploits (1)

exploitdb WORKING POC

by 0xB9 · textwebappsphp

https://www.exploit-db.com/exploits/49504

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49504

[Various Sources] https://github.com/zainali99/trends-widget

[Third Party Advisory] https://www.vulncheck.com/advisories/mybb-trending-widget-plugin-cross-site-scripting

Scores

CVSS v3 6.1

EPSS 0.0003

EPSS Percentile 9.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

mybb/trending_widget 1.2

Published Jan 23, 2026

Tracked Since Feb 18, 2026