PT-2019-9038 · MyBB · Trash Bin Plugin
0Xb9 · Published 2019-03-17 · Updated 2019-03-26 · CVE-2018-14575
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Trash Bin plugin version 1.1.3 for MyBB
Description
The issue concerns cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities. The XSS vulnerability can be triggered via a thread subject, while the CSRF vulnerability can be exploited via a post subject.
Recommendations
For Trash Bin plugin version 1.1.3, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting user input for thread and post subjects to minimize the risk of exploitation.
Exploit
Fix
CSRF
XSS
Affected Products
Trash Bin Plugin