
78 matches found

RedhatCVE
added 2026/06/10 8:59 a.m., 10 views

CVE-2026-8910

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1, AI score 5.4, EPSS 0.0012
Exploits: 0, References: 1

NVD
added 2026/06/09 5:16 a.m., 11 views

CVE-2026-8910

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1, EPSS 0.0012
Exploits: 0, References: 7

Cvelist
added 2026/06/09 3:41 a.m., 31 views

CVE-2026-8910 WP Emoticon Rating <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting via 'emo_settings' Parameter

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1, EPSS 0.0012
Exploits: 0, References: 7

EUVD
added 2026/06/09 3:41 a.m., 10 views

EUVD-2026-35313

The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web...

CVSS 6.1, AI score 5.4, EPSS 0.0012
Exploits: 0, References: 7

CVE
added 2026/06/09 3:41 a.m., 16 views

CVE-2026-8910

The CVE refers to the WordPress plugin WP Emoticon Rating (versions

CVSS 6.1, AI score 5.4, EPSS 0.0012
Exploits: 0, References: 7

CNNVD
added 2026/06/09 12:0 a.m., 9 views

WordPress plugin WP Emoticon Rating cross-site request forgery vulnerability

WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WP Emoticon Rating plugin has a cross-site reques...

CVSS 6.1, AI score 5.8, EPSS 0.0012
Exploits: 0, References: 2

Patchstack
added 2026/06/08 3:6 p.m., 7 views

WordPress WP Emoticon Rating plugin <= 1.0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP Emoticon Rating versions <= 1.0.1...

CVSS 6.1, AI score 5.5, EPSS 0.0012
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/02/06 8:58 p.m., 5 views

CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

CVSS 5.4, AI score 5.4, EPSS 0.00216
Exploits: 1, References: 2

Github Security Blog
added 2026/02/06 6:34 p.m., 6 views

SCEditor has DOM XSS via emoticon URL/HTML injection

If an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...

CVSS 5.4, AI score 5.3, EPSS 0.00216
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2014-3641

Malware in sbrugna...

CVSS 5, AI score 7.3, EPSS 0.02871
Exploits: 0, References: 15

EUVD
added 2025/10/07 12:30 a.m., 13 views

EUVD-2014-2031

Malware in sbrugna...

CVSS 6.8, AI score 6.4, EPSS 0.01696
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 6:1 a.m., 4 views

SUSE CVE-2010-0013

Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it cou...

CVSS 7.5, AI score 6.9, EPSS 0.12496
Exploits: 5, References: 6

SUSE CVE
added 2023/02/15 5:59 a.m., 5 views

SUSE CVE-2010-1624

The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message...

CVSS 5, AI score 6.6, EPSS 0.05586
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 5:33 a.m., 2 views

SUSE CVE-2013-6489

Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow...

CVSS 5, AI score 7.3, EPSS 0.0581
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 5:28 a.m., 2 views

SUSE CVE-2014-3695

markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response...

CVSS 5, AI score 6.8, EPSS 0.02871
Exploits: 0, References: 5

Veracode
added 2020/04/10 12:43 a.m., 26 views

Directory Traversal

pidgin is vulnerable to directory traversal. The vulnerability exists as a remote attacker could send a specially-crafted emoticon image download request that would cause Pidgin to disclose an arbitrary file readable to the user running Pidgin...

CVSS 7.5, AI score 4.4, EPSS 0.12496
Exploits: 5, References: 26, Affected Software: 1

Veracode
added 2020/04/10 12:40 a.m., 22 views

Denial Of Service (DoS)

pidgin is vulnerable to denial of service. A remote attacker could flood the victim with emoticon images during mutual communication, leading to excessive CPU use...

CVSS 5, AI score 4, EPSS 0.02312
Exploits: 1, References: 28, Affected Software: 1

Veracode
added 2019/05/02 6:43 a.m., 21 views

Denial Of Service (DoS)

Pidgin is vulnerable to denial of service attacks. A remote unauthenticated attacker could exploit the vulnerable libpurple library to cause denial of service conditions via a large length value in an emoticon response...

CVSS 5, AI score 8.7, EPSS 0.02871
Exploits: 0, References: 15, Affected Software: 1

Hacker One
added 2018/10/26 2:38 p.m., 561 views

Chaturbate: Stored XSS in chat topic due to insecure emoticon parsing on any message type

Description: The functionality for adding emoticons into the chat from the serverside perspective is based on a string in the following format: %%%emoticon NAME|EMOTICONURL|WIDTH|HEIGHT|REPORTURL%%% The EMOTICONURL must conform to the following regex: javascript...

AI score 0.7
Exploits: 0

Hacker One
added 2018/08/16 4:38 a.m., 31 views

Chaturbate: CSRF in REPORT EMOTICON feature

The hacker found that the report emoticon endpoint did not check the csrf token. This was resolved. Users can report to emoticons on the basis of the expressions but the request made to https://chaturbate.com/emoticonreportabuse/emoticonname was a GET request which was not protected by CSRF...

AI score 2.2
Exploits: 0