If administrators are targeted, successful attacks could trick their browser into hacking their own site by executing code on the server and grant full power over the site to the assailants. Furthermore, a database column truncation bug allowed administrators to store PHP backdoors on their site. While not as critical as it may first seem (administrators own their site), combining this bug with the XSS attack vector makes it possible for an attacker to trick the owner’s browser into taking over its own site, using the bad actor’s backdoor. Update As Soon As Possible Unauthenticated attacks are very serious because they can be automated, making it easy for hackers to mount successful, widespread attacks against vulnerable websites. The number of active installs, the ease of exploitation, and the effects of a successful attack are what makes this vulnerability particularly dangerous. To protect against this vulnerability, we strongly encourage MyBB users to update their site to version 1.8.21 as soon as possible.