CVE-2018-25116 MEDIUM

CVE-2018-25116: MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting

Vendor Jamiesage123

Product MyBB Thread Redirect Plugin

Weakness CWE-79 · XSS

Published January 23, 2026

Last update January 23, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.

Key dates

02Disclosure timeline

January 23, 2026 CVE published

January 23, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-25116 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-54317 WordPress Web Stories plugin <= 1.37.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-47623 WordPress Gallery Lightbox plugin <= 1.0.0.39 - Cross Site Scripting (XSS) vulnerability CVE-2022-20831 CVE-2025-22781 WordPress Nativery Plugin plugin <= 0.1.6 - Cross Site Scripting (XSS) vulnerability CVE-2026-1646 Advance Block Extend <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via TitleColor Block Attribute