CVE-2021-3337

HIGH

Hide-Thread-Content Plugin through 2021-01-27 for MyBB - Unauthenticated Information Disclosure via Reply or Quote

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3337. PoCs published by 0xB9.

AI-analyzed exploit summary This exploit describes an information disclosure vulnerability in the MyBB Hide Thread Content Plugin 1.0, where hidden thread content can be viewed without replying by using the reply or quote functionality.

Description

The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.

Exploits (1)

exploitdb WRITEUP

by 0xB9 · textwebappsphp

https://www.exploit-db.com/exploits/49496

View Code ZIP pw:eip

This exploit describes an information disclosure vulnerability in the MyBB Hide Thread Content Plugin 1.0, where hidden thread content can be viewed without replying by using the reply or quote functionality.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MyBB Hide Thread Content Plugin 1.0

No auth needed

Prerequisites: Access to a thread with hidden content

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/snlbaral/Hide-Thread-Content/issues/1

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/161185/MyBB-Hide-Thread-Content-1.0-Information-Disclosure.html

Scores

CVSS v3 7.5

EPSS 0.1147

EPSS Percentile 95.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-863

Status published

Products (1)

hide_thread_content_project/hide_thread_content 1.0

Published Jan 28, 2021

Tracked Since Feb 18, 2026