MyBB Community Forums

Full Version: MyBB 1.6.18 version has security bugs?
I have an idle MyBB 1.6.18 copy. I know there is no support on that version.
Since it's idle, is it dangerous to leave it on that version? Or is it safe?
Definitely dangerous and penetrating

MyBB 1.8.21 Released — Security & Maintenance Release
  • High risk: Theme import stylesheet name RCE — reported by Simon Scannell and Robin Peraglie of RIPS Technologies
  • High risk: Nested video MyCode persistent XSS — reported by Simon Scannell and Robin Peraglie of RIPS Technologies
  • Medium risk: Find Orphaned Attachments reflected XSS — reported by Simon Scannell of RIPS Technologies
  • Medium risk: Post edit reflected XSS — reported by adm1nkyj of ENKI
  • Medium risk: Private Messaging folders SQL injection — reported by Alex of DiscoveryGC
  • Low risk: Potential phar deserialization through Upload Path — reported by Simon Scannell of RIPS Technologies
MyBB 1.8.20 Released — Security & Maintenance Release
  • Medium risk: Reset Password reflected XSS
  • Medium risk: ModCP Profile Editor username reflected XSS — reported by Jovan Zivanovic of MaTRIS Research Group, SBA Research
  • Low risk: Predictable CSRF token for guest users — reported by Devilshakerz of MyBB Team
  • Low risk: ACP Stylesheet Properties XSS — reported by Cillian Collins
  • Low risk: Reset Password username enumeration via email — reported by Abdullah Md. Shaleh
MyBB 1.8.19 Released — Security & Maintenance Release
  • High risk: Email field SQL Injection — reported by StefanT
  • Medium risk: Video MyCode Persistent XSS in Visual Editor — reported by Numan OZDEMIR of InfinitumIT
  • Low risk: Insufficient permission check in User CP’s attachment management — reported by StefanT
  • Low risk: Insufficient email address verification — reported by StefanT
The only version we'd ever recommend running is the most recent.