Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/11/05 5:8 a.m.4 views

CVE-2025-12400

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS5.3AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 2025/11/04 4:27 a.m.22 views

CVE-2025-12400

CVE-2025-12400 concerns the WordPress plugin LMB^Box Smileys. The vulnerability is a CSRF to Stored XSS in all versions up to 3.2, caused by missing or incorrect nonce validation in the plugin’s manage_page() function. As described, unauthenticated attackers can cause a site administrator to perf...

6.1CVSS5AI score0.00127EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/04 4:27 a.m.7 views

CVE-2025-12400 LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS0.00127EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/04 4:27 a.m.4 views

CVE-2025-12400 LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS4.9AI score0.00127EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.4 views

WordPress plugin LMB Box Smileys 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site reques...

6.1CVSS6.3AI score0.00127EPSS
Exploits0References4
Rows per page
Query Builder