As reported previously and because miniBB version 2.0.5 has been released
, the discovered CSRF vulnerability allows attacker to force administrative persons delete some data without their allowance. Recently, all miniBB addons also have been updated regarding this issue.
They include:AvatarsMoving replies
(contains update regarding avatar addon only, addon_movepost2.php + bb_plugins.code
)PremoderationFile UploadFile StoragePolls & Surveys
Despite the discovered vulnerability has a medium level, we recommend everybody to upgrade to the new version and update all addons as well.
The mentioned addons are now compatible ONLY with the latest release 2.0.5.
Premium addons customers are welcome to get newest versions entering the customer area