There's no evidence that the fixed vulnerability is being exploited in the wild
On October 25, 2012, Invision Power Services (IPS) released a security update for IP.Board 3.3.x, 3.2.x and 3.1.x.Initially, it was believed that the vulnerability addressed by this update might have been leveraged by hackers to gain access to NBC sites and a Lady Gaga fan site on November 4. However, according to IPS representatives, they’re not aware of any specific exploit for the security hole.
On the other hand, after completing the second phase of security procedures for such updates – which involves auditing the impacted area of the software in order to “proactively harden the security features before an actual exploit is found” – the company determined that protection can be further enhanced.
As a result, a critical security update has been released.
Although the company will stop providing support for version 3.1 soon, a patch has been released for customers who haven’t upgraded their installations yet.