Description
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.
Remediation
References
Related Vulnerabilities
WordPress Plugin Import/Export Customizer Settings Cross-Site Request Forgery (1.0.3)
WordPress Plugin Email Queue by BestWebSoft Cross-Site Scripting (1.1.1)
WordPress Plugin WooCommerce BuddyPress Integration Unspecified Vulnerability (3.2.6.1)
WordPress Plugin N-Media Post Front-end Form Arbitrary File Upload (1.0)
WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Security Bypass (3.10.15)