WordPress LMB^Box Smileys plugin <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin LMB^Box Smileys versions = 3.2...

CVE-2025-12400

The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the managepage function. This makes it possible for unauthenticated attackers to update settings and inject...