mybb — Vulnerabilities & Security Advisories (17)

Browse all 17 CVE security advisories affecting mybb. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MyBB serves as a free, open-source forum software platform enabling online community discussions. Historically, it has been susceptible to multiple vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, contributing to its 17 recorded CVEs. While no major public security incidents have been widely documented, the software's persistent vulnerability history suggests a need for rigorous patch management and security hardening. Its PHP-based architecture and extensive customization options may introduce additional attack surfaces if not properly maintained. Regular updates and secure configuration remain critical for mitigating risks associated with this platform.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-25309 | MyBB Recent threads 17.0 Persistent Cross-Site Scripting — MyBB Recent threads (CWE-79) | 7.2 | High | 2026-04-29 |
| CVE-2018-25250 | MyBB Last User's Threads in Profile Plugin 1.2 Persistent XSS — MyBB Last User's Threads in Profile Plugin (CWE-79) | 7.2 | High | 2026-04-04 |
| CVE-2018-25249 | MyBB My Arcade Plugin 1.3 Persistent XSS via Comment — MyBB My Arcade Plugin (CWE-79) | 6.4 | Medium | 2026-04-04 |
| CVE-2018-25248 | MyBB Downloads Plugin 2.0.3 Persistent XSS via downloads.php — MyBB Downloads Plugin (CWE-79) | 7.2 | High | 2026-04-04 |
| CVE-2018-25247 | MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profiles — MyBB Like Plugin (CWE-79) | 6.1 | Medium | 2026-04-04 |
| CVE-2023-53978 | myBB Forums 1.8.26 Stored Cross-Site Scripting via Forum Announcements — myBB forums (CWE-79) | 5.4 | Medium | 2025-12-22 |
| CVE-2023-53979 | MyBB 1.8.32 Authenticated Remote Code Execution via Chained Vulnerabilities — MyBB (CWE-22) | 8.8 | High | 2025-12-22 |
| CVE-2023-53976 | myBB Forums 1.8.26 Stored Cross-Site Scripting via Template Management — myBB forums (CWE-79) | 5.4 | Medium | 2025-12-22 |
| CVE-2023-53977 | myBB Forums 1.8.26 Stored Cross-Site Scripting via Forum Management — myBB forums (CWE-79) | 5.4 | Medium | 2025-12-22 |
| CVE-2025-48941 | MyBB may disclose unviewable threads' titles in searches — mybb (CWE-1230) | 5.3 | Medium | 2025-06-02 |
| CVE-2025-48940 | MyBB's upgrade component vulnerable to local file inclusion — mybb (CWE-22) | 7.2 | High | 2025-06-02 |
| CVE-2024-23335 | Backups directory .htaccess deletion in MyBB — mybb (CWE-20) | 4.7 | Medium | 2024-05-01 |
| CVE-2024-23336 | Incomplete disallowed remote addresses list in MyBB — mybb (CWE-918) | 5.0 | Medium | 2024-05-01 |
| CVE-2023-46251 | Visual editor persistent Cross-site Scripting (XSS) in MyBB — mybb (CWE-79) | 7.5 | High | 2023-11-06 |
| CVE-2022-39265 | Mail settings' command parameter injection in mybb — mybb (CWE-74) | 7.2 | High | 2022-10-06 |
| CVE-2022-24734 | Remote code execution in mybb — mybb (CWE-94) | 7.2 | High | 2022-03-09 |
| CVE-2020-15139 | XSS in MyBB — MyBB (CWE-79) | 8.8 | High | 2020-08-10 |

This page lists every published CVE security advisory associated with mybb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.