CVE-2018-25132 MEDIUM

CVE-2018-25132: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting

Vendor Zainali99

Product MyBB Trending Widget Plugin

Weakness CWE-79 · XSS

Published January 23, 2026

Last update January 23, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.

Key dates

02Disclosure timeline

January 23, 2026 CVE published

January 23, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-25132 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-46878 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-3476 SimplePHPscripts GuestBook Script URL Parameter preview.php cross site scripting CVE-2021-36849 WordPress Social Media Share Buttons plugin <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability CVE-2024-0698 Easy!Appointments <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-9715 O2OA Personal Profile script cross site scripting