Vulnerability in vBulletin Connect (CVE-2020-12720)

Published on 13 May 2020

Updated on 13 May 2020

Security researchers discovered a vulnerability (CVE-2020-12720) in vBulletin Connect. CVE-2020-12720 is an improper access control issue which could be exploited without prior authentication. More details on the vulnerability will be released in June 2020.


To fix this issue, vBulletin has created and released a new security patch. Patches are available for the following versions of vBulletin Connect:

•            5.6.1 Patch Level 1

•            5.6.0 Patch Level 1

•            5.5.6 Patch Level 1


Users of vBulletin are advised to install the patch as soon as possible. Users of vBulletin 5 Connect prior to version 5.5.6 are advised to upgrade their software as soon as possible.


More information is available at