The flaw affects vBulletin versions 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 - vBulletin 4 users are safe.
Registered customers are urged to pick up the patches and implement them as soon a possible.
"As part of our maintenance of Cloud Sites, we will apply the patch to them. If necessary, we will contact Cloud Customers with further information," announced vBulletin technical support lead Wayne Luke, and added that vBulletin 5.1.3 Alpha will include this fix on its next release.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.