Browse all 17 CVE security advisories affecting Mybb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
MyBB serves as a free, open-source forum software platform enabling online community discussions. Historically, it has been susceptible to multiple vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, contributing to its 17 recorded CVEs. While no major public security incidents have been widely documented, the software's persistent vulnerability history suggests a need for rigorous patch management and security hardening. Its PHP-based architecture and extensive customization options may introduce additional attack surfaces if not properly maintained. Regular updates and secure configuration remain critical for mitigating risks associated with this platform.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-53979 | MyBB 1.8.32 Authenticated Remote Code Execution via Chained Vulnerabilities — MyBBCWE-22 | 8.8 | High | 2025-12-22 |
| CVE-2025-48941 | MyBB may disclosure unviewable threads' titles in searches — mybbCWE-1230 | 5.3 | Medium | 2025-06-02 |
| CVE-2025-48940 | MyBB's upgrade component vulnerable to local file inclusion — mybbCWE-22 | 7.2 | High | 2025-06-02 |
| CVE-2024-23335 | Backups directory .htaccess deletion in. MyBB — mybbCWE-20 | 4.7 | Medium | 2024-05-01 |
| CVE-2024-23336 | Incomplete disallowed remote addresses list in MyBB — mybbCWE-918 | 5.0 | Medium | 2024-05-01 |
| CVE-2023-46251 | Visual editor persistent Cross-site Scripting (XSS) in MyBB — mybbCWE-79 | 7.5 | High | 2023-11-06 |
| CVE-2022-39265 | Mail settings' command parameter injection in mybb — mybbCWE-74 | 7.2 | High | 2022-10-06 |
| CVE-2022-24734 | Remote code execution in mybb — mybbCWE-94 | 7.2 | High | 2022-03-09 |
| CVE-2020-15139 | XSS in MyBB — MyBBCWE-79 | 8.8 | High | 2020-08-10 |
This page lists every published CVE security advisory associated with Mybb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.