Known Vulnerabilities for products from MyBB

Listed below are 20 of the newest known vulnerabilities associated with the vendor "MyBB".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2025-23749 Not Provided 2025-01-16 2026-04-01
CVE-2023-46251 MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape inpu... 6.1 - MEDIUM 2023-11-06 2023-11-14
CVE-2023-45556 Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the the... 5.4 - MEDIUM 2023-11-06 2023-11-14
CVE-2023-41362 MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval,... 7.2 - HIGH 2023-08-29 2023-09-11
CVE-2023-28467 In MyBB before 1.8.34, there is XSS in the User CP module via the user email field. 6.1 - MEDIUM 2023-05-22 2023-05-27
CVE-2022-45867 MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high pri... 7.2 - HIGH 2023-01-03 2023-01-10
CVE-2022-43709 MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the ... 4.9 - MEDIUM 2022-11-22 2022-11-22
CVE-2022-43708 MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers... 6.1 - MEDIUM 2022-11-22 2022-11-22
CVE-2022-43707 MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to ... 6.1 - MEDIUM 2022-11-22 2022-11-22
CVE-2022-39265 MyBB is a free and open source forum software. The _Mail Settings_ → Additional Parameters for PHP's mail() function mail_p... 7.2 - HIGH 2022-10-06 2023-11-07
CVE-2022-28354 In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time pe... 6.1 - MEDIUM 2023-04-24 2023-05-03
CVE-2022-24734 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.2 - HIGH 2022-03-09 2022-09-30
CVE-2021-43281 MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settin... 7.2 - HIGH 2021-11-04 2021-11-05
CVE-2021-41866 MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not esca... 5.4 - MEDIUM 2021-10-26 2021-10-28
CVE-2021-27949 Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools. 6.1 - MEDIUM 2021-03-15 2021-03-16
CVE-2021-27948 SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3). 7.2 - HIGH 2021-03-15 2021-03-16
CVE-2021-27947 SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3). 7.2 - HIGH 2021-03-15 2021-03-16
CVE-2021-27946 SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3). 8.8 - HIGH 2021-03-15 2021-03-23
CVE-2021-27890 SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files. 8.8 - HIGH 2021-03-15 2021-09-21
CVE-2021-27889 Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. 6.1 - MEDIUM 2021-03-15 2021-09-21
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from MyBB

Type Vendor Product Version
ApplicationMybbAjax Forum Stat2.0
ApplicationMybbBan List1.0
ApplicationMybbMerge System1.8.5
ApplicationMybbMybb1.0
ApplicationMybbNew Threads1.0
ApplicationMybbTrash Bin1.1.3