MyBB Community Forums

MyBB 1.2.5 is a security update to the MyBB 1.2 series. It fixes a Moderate risk vulnerability recently discovered and reported in MyBB. We recommend everybody upgrades to this release as soon as possible or patches their boards with the manual patching instructions below.

We recommend all users upgrade their copy of MyBB to the latest available release.

This vulnerability allows a hacker to use HTML in their away reason and gain login details through XSS.

Immediately we're releasing a new version of MyBB which patches this exploit (MyBB 1.2.5). MyBB 1.1.8 is also affected. (See below)

MyBB 1.2.5 fixes this security vulnerability and nothing more: We're not quite ready to release a bug fix update at this time.

MyBB 1.2.4 to MyBB 1.2.5 Patch
This patch is only for users running MyBB 1.2.4. If you are running any other version of the MyBB 1.2 series then please download MyBB 1.2.5 from the MyBB site and update to it.

Please download the attached ZIP archive of member.php and inc/class_core.php and replace the files in your forum directory with the versions from the ZIP archive.

If you wish to manually patch your board please download "mybb_124_xss_fix.txt" and follow the instructions in that file.

Users running MyBB 1.1.8
This patch is only for users running MyBB 1.1.8. If you are running any other version of the MyBB 1.1 series then please download MyBB 1.2.5 from the MyBB site and update to it.

Please download the attached ZIP archive of member.php and replace the file in your forum directory with the versions from the ZIP archive.

If you wish to manually patch your board please download "mybb_118_xss_fix.txt" and follow the instructions in that file.