CVE-2018-25116

MEDIUM

MyBB Thread Redirect Plugin 0.2.1 - XSS

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25116. PoCs published by 0xB9.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in the MyBB Thread Redirect Plugin 0.2.1. The payload is injected via the custom text input field and executes when a user views the thread.

Description

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.

Exploits (1)

exploitdb WORKING POC
by 0xB9 · text · webapps · php
https://www.exploit-db.com/exploits/49505

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: MyBB Thread Redirect Plugin 0.2.1
Auth required
Prerequisites: Access to create a thread in MyBB · Thread Redirect Plugin 0.2.1 installed
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 6.1
EPSS: 0.0028
EPSS Percentile: 19.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): mybb/thread_redirect 0.2.1
Published: Jan 23, 2026
Tracked Since: Feb 18, 2026