2013-01-28, 12:51 PM
This list may not contain all plugins (it certainly doesn't) and its purpose is to inform users of which versions of which plugins not to use.
If you know of any other vulnerable plugins please PM a staff member or report it in the Private Inquiries forum. Please remember to include a proof of concept.
The plugins on the Mods site that are available for download should no longer have the vulnerabilities that made us post the plugins in this list, however, it is not 100% sure that they do not contain more vulnerabilities. As always, you use them at your own risk.
If a certain plugin, which is listed here, is not downloadable on the Mods site, it most likely hasn't been patched (therefore we disabled it) yet so we advise you to remove it from your forums until a new version is available.
Plugin - Plugin Version - Author - Report Date
If you know of any other vulnerable plugins please PM a staff member or report it in the Private Inquiries forum. Please remember to include a proof of concept.
The plugins on the Mods site that are available for download should no longer have the vulnerabilities that made us post the plugins in this list, however, it is not 100% sure that they do not contain more vulnerabilities. As always, you use them at your own risk.
If a certain plugin, which is listed here, is not downloadable on the Mods site, it most likely hasn't been patched (therefore we disabled it) yet so we advise you to remove it from your forums until a new version is available.
Plugin - Plugin Version - Author - Report Date
- Profile Wii Friend Code (1.0) - Solstice - 01/28/2013
- AwayList (1.6.8) - Jan - 01/28/2013
- HM_My Country Flags (1.1) - Himura - 01/28/2013
- Profile Skype ID (1.0) - ShadowWeaver - 01/28/2013
- Social Sites (0.2.2) - MattRogowski - 01/28/2013
- DyMy User Agent (0.1.4 and earlier) - Dylan M. - 01/28/2013
- Facebook profile link on Postbit (2.1) - Asterix (for MyBB 1.4) - 01/28/2013
- Facebook profile link on Postbit (2.2) - Asterix - 01/28/2013
- AJAX Chat (1.0) - phpscriptcoder (Note: according to the change log, the latest "1.0" has no XSS vulnerability. However, the author kept the version number thus you should update your local copy to the latest 1.0 available on the Mods site) - 01/28/2013
- MyYoutube (1.0) - Edson Ordaz - 01/28/2013
- Tips Of The Day (1.0) - Edson Ordaz - 01/28/2013
- Profile Blogs (1.2) - FilipK - 01/28/2013
- Bank v3 (3.0) - kingofpersia - 01/28/2013
- kingchat (0.5) - kingofpersia - 01/28/2013
- Follower User (1.5) - Edson Ordaz - 01/28/2013
- Forum Userbar Plugin (2.2) - Tom K. - 01/28/2013
- Advanced Forum Signatures (2.0.4) - Steven - 01/28/2013
- MyTabs (1.31) - EthanD - 01/28/2013
- NewPoints (1.9.6) - Pirata Nervo - 01/28/2013
- MyTube (1.0) - Euan T. - 01/28/2013
- MyStatus (3.1) - Euan T. - 01/28/2013
- Tapatalk (3.3.2) - Tapatalk - 02/22/2013
- Profile Xbox Live ID (1.0) - Josephvb10 - 03/02/2013
- Game Section (1.2.2 or lower) - Paretje - 03/08/2013
- ChangUonDyU - Extra File Chatbox - ChangUonDyU - 09/05/2013
- Wiki Plugin (1.2.1 or lower) - King Louis - 10/13/2013
- iShare (1.2.1 or lower) - Simon S. - 11/09/2013
- Ajax forum stat v 2 (2.0 or lower, 1.x version doesn't seem to be vulnerable) - kingofpersia - Feb/07/2014
- Ajax Multiple Upload Attachment (1.3 or lower) - kingofpersia - Dec/30/2014
- Ajax Forum Stat (5.0.0 or lower) - kingofpersia - Dec/30/2014