Mybb
This hub aggregates every CVE we track for Mybb, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
140
CVEs tracked
12
Critical
43
High
0
In CISA KEV
Severity distribution
MEDIUM83HIGH43CRITICAL12LOW2
Monthly trend
0
0
0
0
1
0
0
0
0
4
0
2
0
1
0
0
0
4
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Mybb.
- CVE-2023-53978myBB Forums 1.8.26 Stored Cross-Site Scripting via Forum Announcements5.4
- CVE-2023-53977myBB Forums 1.8.26 Stored Cross-Site Scripting via Forum Management5.4
- CVE-2023-53979MyBB 1.8.32 Authenticated Remote Code Execution via Chained Vulnerabilities8.8
- CVE-2023-53976myBB Forums 1.8.26 Stored Cross-Site Scripting via Template Management5.4
- CVE-2011-10018myBB 1.6.4 Backdoor Arbitrary Command Execution9.8
- CVE-2025-48941MyBB may disclosure unviewable threads' titles in searches5.3
- CVE-2025-48940MyBB's upgrade component vulnerable to local file inclusion7.2
- CVE-2025-29458An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrat...7.6
- CVE-2025-29460An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators...7.6
- CVE-2025-29457An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administra...7.6
- CVE-2025-29459An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and b...7.6
- CVE-2024-52702A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into th...5.4
- CVE-2024-23335Backups directory .htaccess deletion in. MyBB4.7
- CVE-2024-23336Incomplete disallowed remote addresses list in MyBB5.0
- CVE-2023-46251Visual editor persistent Cross-site Scripting (XSS) in MyBB7.5
Product normalization is registry-driven with AI assist and human review. How it works