Popular internet forum software maker vBulletin has patched a Critical vulnerability that affects multiple vBulletin 5 versions.
The vBulletin 5.6.1 Security Patch Level 1 (pl1) addresses a Critical “incorrect access control” vulnerability CVE-2020-12720 in vBulletin versions 5.5.6pl1, 5.6.0 and 5.6.1.
vBulletin forum software is used on over 100,000 social websites, which can be a prime target for hackers when left unpatched.
Readers may remember a hacker released a proof-of-concept (PoC) code of a vBulletin exploit of a remote code execution vulnerability last September.
The following month, security experts from Palo Alto Networks Unit 42 identified active exploitation of the vulnerability CVE-2019-16759 in the wild.
Website administrators should take note of the new patch and upgrade as soon as possible.