The Visitor Messages add-on for vBulletin version 3.7.3 suffers from cross site scripting and cross site request forgery vulnerabilities. This is a worm exploit that takes advantage of these issues.
5752206c5691ff705d128ca2dc77666331538a0b7d3d082cd48a913b6c4d2723