Using a "nulled" (pirated) version of an already obsolete software creates a compounded security threat:
: Nulled scripts are frequently modified by third parties to include backdoors, malware, or trackers that allow hackers to gain administrative access to your site and server.
: Originally designed for PHP 5.x. It is incompatible with modern PHP versions (7.2 or higher), making it difficult to host on secure, up-to-date servers. Critical Security Risks
vBulletin 4.2.5 vb_unserialize() performance hit - Van Dorp IT
: Exploits exist that allow attackers to inject secondary administrative accounts by abusing the installation or upgrade directories.
: vBulletin 4.2.0 contains numerous unpatched vulnerabilities, such as: