MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting Severity MEDIUM Date January 22, 2026 Affected Software MyBB Thread Redirect Plugin 0.2.1 CVE ID CVE-2018-25116 CWE ID CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS V4 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:R/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N References ExploitDB-49505 Thread Redirect Plugin GitHub Repository Credit 0xB9 Description MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.