Wordpress
July 4, 2020

Stored XSS in MyBB

Nick

The open source PHP forum software myBB recently published a new update, version 1.8.21. This is a security release fixing a Stored XSS vulnerability in the private messaging and post modules.

What Are the Risks?

Unpatched websites could allow bad actors to send booby-trapped posts or private messages to users. These would execute rogue JavaScript code when opened, momentarily giving the attacker’s scripts all privileges to the targeted account.

If administrators are targeted, successful attacks could trick their browser into hacking their own site by executing code on the server and grant full power over the site to the assailants.

Continue reading Stored XSS in MyBB <= 1.8.20 at Sucuri Blog.

Share this:
Twitter icon Facebook icon LinkedIn icon Pinterest icon

More great articles

WordPress Vulnerability & Patch Roundup March 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are…

Read Story
Wordpress
March 30, 2023

Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices

WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share…

Read Story
Wordpress
July 13, 2021

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023)

Last week, there were 92 vulnerabilities disclosed in 88 WordPress Plugins and no WordPress themes that have been added to…

Read Story
Wordpress
October 12, 2023

Emergency WordPress Help

One of our techs will get back to you within minutes.