MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profiles

Description

MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile, where liked posts are displayed without sanitization.

Affected Products

Vendor	Product	Versions
mybb	like plugin	3.0.0

References

https://www.exploit-db.com/exploits/45179(exploit)
https://community.mybb.com/mods.php?action=view&pid=360(product)
https://www.vulncheck.com/advisories/mybb-like-plugin-cross-site-scripting-via-user-profiles(third-party-advisory)

Related News (1 articles)

Tier C

VulDB15h ago

CVE-2018-25247 | Like Plugin 3.0.0 on MyBB Post cross site scripting (Exploit 45179 / EDB-45179)

→ No new info (linked only)

CVSS 3.16.1 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-79

PublishedApr 4, 2026

Last enriched15h agov2

Trending Score36

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (3)

Version History

Last enriched 15h ago

v2Tier C15h ago

Updated description with new details, changed severity to HIGH, and marked exploit as available and actively exploited.

descriptionseverityexploitAvailableactivelyExploited

via VulDB

v118h ago

Initial creation