These submissions have been marked as vulnerable due to potential security issues with the plugin. This list contains the name of the plugin, the author and a short description regarding its vulnerability. Please bear in mind that the sole purpose of this page is to inform users to avoid these plugins and to help authors address these issues.
Vulnerable Submissions
Related Threads
Version: 1.0.1
2559 Downloads
2020-01-21, 10:53 PM
Staff Notes:
Thread name XSS
Ban List
Version: 1.0
1659 Downloads
2018-12-10, 05:31 PM
Staff Notes:
Database output is not cleaned. Serpius reported a separate issue and I found this while looking at that. Simply needs to use htmlspecialchars_uni() on user info...
External Redirect Warning
Version: 1.3
939 Downloads
2021-03-23, 02:13 PM
Staff Notes:
redirect page `url` parameter XSS vulnerability
Latest Posts on Profile
Version: 1.1
791 Downloads
2018-05-12, 03:21 PM
Staff Notes:
XSS Vulnerability.
Spoiler MyCode
Version: 1.0
304 Downloads
2021-03-09, 02:16 PM
Staff Notes:
malicious code in the plugin file
Thread Redirect
Version: 0.2.1
273 Downloads
2019-01-05, 12:31 AM
Staff Notes:
Conversations System v1.0
Version: 1
231 Downloads
2019-01-05, 01:11 PM
Staff Notes:
Surprisily, its true.. - Omar
Trending Widget
Version: 1.2
183 Downloads
2021-01-29, 04:08 PM
Staff Notes:
XSS
Export User (GDPR/DSGVO)
Version: V2.0
139 Downloads
2022-12-05, 01:32 PM
Staff Notes:
Trash Bin
Version: 1.1.4
38 Downloads
2021-01-21, 08:29 PM
Staff Notes:
CSRF vulnerable