PT-2026-30370 · Mybb · Last User Threads

Published

2026-04-04

Updated

2026-04-04

CVE-2018-25250

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users visit the attacker's profile page.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-25250

Affected Products

Last User Threads

PT-2026-30370 · Mybb · Last User Threads

CVE-2018-25250

Weakness Enumeration

Related Identifiers

Affected Products

References · 4