Last September, an anonymous hacker publicly revealed a zero-day error in software.
Following the revelation, many malicious agents took advantage of this error (CVE-2019-16759) to gain access to various forums and managed to obtain sensitive details such as username, email address, latest IP used to access the forums, etc.
Vulnerability was discovered by Charles Fol, a security engineer at Ambionics. However, he did not disclose further details. More information on vulnerability is expected to be published at the conference SSTIC, which will take place on June 3-5.
The CVE-2020-12720 is a vulnerability of access control and Fol characterizes it as critical.
To correct the error, vBulletin released a new one updated version security code
5.6.1 Patch Level 1
5.6.0 Patch Level 1
5.5.6 Patch Level 1
If you are using a version of vBulletin 5 Connect before 5.5.6, it is recommended that you upgrade to newer versions. The company also states that "the security patch has already been implemented on all vBulletin Cloud websites."