CVE-2021-47905

MEDIUM

MyBB Delete Account Plugin 1.4 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47905. PoCs published by 0xB9.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in the MyBB Delete Account Plugin 1.4. The vulnerability occurs when a user inputs a malicious script as the reason for deleting their account, which executes when viewed by an admin.

Description

MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons.

Exploits (1)

exploitdb WORKING POC
by 0xB9 · textwebappsphp
https://www.exploit-db.com/exploits/49500

This exploit demonstrates a stored XSS vulnerability in the MyBB Delete Account Plugin 1.4. The vulnerability occurs when a user inputs a malicious script as the reason for deleting their account, which executes when viewed by an admin.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: MyBB Delete Account Plugin 1.4
Auth required
Prerequisites: User account with access to the delete account feature · Admin interaction to view the malicious payload
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 6.1
EPSS 0.0021
EPSS Percentile 10.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
mybb/delete_account 1.4
Published Jan 23, 2026
Tracked Since Feb 18, 2026