Description
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.
Remediation
References
Related Vulnerabilities
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.14)
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1584)
WordPress Plugin Gallery PhotoBlocks Cross-Site Scripting (1.1.42)
WordPress Plugin AccessPress Social Icons Multiple Cross-Site Scripting Vulnerabilities (1.5.5)