CVE-2021-47905

MEDIUM

MyBB Delete Account Plugin 1.4 - XSS

Title source: llm

Description

MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons.

Exploits (1)

exploitdb WORKING POC
by 0xB9 · textwebappsphp
https://www.exploit-db.com/exploits/49500

References (3)

Scores

CVSS v3 6.1
EPSS 0.0003
EPSS Percentile 9.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
mybb/delete_account 1.4
Published Jan 23, 2026
Tracked Since Feb 18, 2026