Wordpress
July 4, 2020

Stored XSS in MyBB

Nick

The open source PHP forum software myBB recently published a new update, version 1.8.21. This is a security release fixing a Stored XSS vulnerability in the private messaging and post modules.

What Are the Risks?

Unpatched websites could allow bad actors to send booby-trapped posts or private messages to users. These would execute rogue JavaScript code when opened, momentarily giving the attacker’s scripts all privileges to the targeted account.

If administrators are targeted, successful attacks could trick their browser into hacking their own site by executing code on the server and grant full power over the site to the assailants.

Continue reading Stored XSS in MyBB <= 1.8.20 at Sucuri Blog.

Share this:
Twitter icon Facebook icon LinkedIn icon Pinterest icon

More great articles

Vulnerability & Patch Roundup January 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are…

Read Story
Wordpress
March 7, 2024

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 8, 2024 to July 14, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors?…

Read Story
Wordpress
July 18, 2024

Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners

On August 3, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities that were discovered…

Read Story
Wordpress
September 22, 2021

Emergency WordPress Help

One of our techs will get back to you within minutes.