February 18th, 2021 at 5:32 PM
Yes, hovercards was the plugin that got us. There was another one that was vulnerable as well. I don’t remember exactly which one it was (I’ll look back through the messages and get back to you). They were notified multiple times when it was discovered.
Update: It was the drafts auto save plugin. Checked back today, still does not appear to have been patched. Sent another message to the MyBB team about it today.
Update: It was the drafts auto save plugin. Checked back today, still does not appear to have been patched. Sent another message to the MyBB team about it today.