PT-2018-10619 · MyBB · Moderator Log Notes Plugin

0Xb9 · Published 2018-08-24 · Updated 2018-10-31 · CVE-2018-11502

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Moderator Log Notes plugin version 1.1 for MyBB

Description

The issue allows an attacker to remotely delete all moderator notes and logs in the moderator control panel (modCP) and administrator control panel (ACP) via a Cross-Site Request Forgery (CSRF) attack. This enables unauthorized modification of sensitive data.

Recommendations

For Moderator Log Notes plugin version 1.1, consider implementing CSRF protection mechanisms to prevent unauthorized requests. As a temporary workaround, restrict access to the modCP and ACP to minimize the risk of exploitation.

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2018-11502

Affected Products

Moderator Log Notes Plugin