Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
0xb9 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-11502
An issue exists in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.
Moderator Log Notes Project Moderator Log Notes 1.1
1 EDB exploit
NA
CVE-2021-281151
MyBB OUGC Feedback plugin version 1.8.22 suffers from a cross site scripting vulnerability.
8.8
CVSSv3
CVE-2018-14575
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject.
Mybb Trash Bin 1.1.3
1 EDB exploit
NA
CVE-2018-145751
MyBB Trash Bin plugin version 1.1.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
NA
CVE-2018-147241
MyBB Bans List version 1.0 suffers from a cross site scripting vulnerability.
5.4
CVSSv3
CVE-2018-10365
An XSS issue exists in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized.
Threads To Link Project Threads To Link 1.3
1 EDB exploit
5.4
CVSSv3
CVE-2023-27890
The Export User plugin up to and including 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Export User Project Export User
4.8
CVSSv3
CVE-2019-3501
The OUGC Awards plugin prior to 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile.
Ougc Awards Project Ougc Awards
1 EDB exploit
NA
CVE-2021-241691
WordPress Advanced Order Export For WooCommerce plugin version 3.1.7 suffers from a cross site scripting vulnerability.
NA
CVE-2021-241741
WordPress Database Backups plugin version 1.2.2.6 suffers from a cross site request forgery vulnerability in the databased backup download functionality.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »