MyBB 1.8.26 is now available, and is a security release.
-
6 security vulnerabilities addressed:
- High risk: Nested Auto URL persistent XSS (advisory) — reported by Simon Scannell & Carl Smith
- Medium risk: Theme properties SQL injection (advisory) — reported by Simon Scannell & Carl Smith
- Medium risk: Poll vote count SQL injection (advisory) — reported by Devilshakerz (MyBB Team)
- Medium risk: Forum Management SQL injection (advisory) — reported by Devilshakerz (MyBB Team)
- Medium risk: Usergroups SQL injection (advisory) — reported by Devilshakerz (MyBB Team)
- Low risk: Custom moderator tools reflected XSS (advisory) — reported by Devilshakerz (MyBB Team)
Check the Release Notes for more information.
Get latest MyBB Full & Upgrade Packages →
The MyBB Project extends thanks to reporters and researchers following responsible disclosure.
Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.
If you would like to contribute to the Project, Get Involved.
Thanks,
MyBB Team