Description
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.
Remediation
References
Related Vulnerabilities
WordPress Plugin Postie Multiple Vulnerabilities (1.9.40)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-6727)
WordPress Plugin One Click SSL Cross-Site Request Forgery (1.4.6)
WordPress Plugin Font-official webfonts plugin of Fonts For Web Cross-Site Scripting (7.5.1)