Is anyone here familiar with SQL Injection and is UBB Threads vulnerable?

Yes. In the past UBB.threads had several vulnerabilities during different stages. Generally, this was related to forgetting to call addslashes and sanitize all data coming from the user.

When we rewrote version 7 however we now pass everything through a variety of functions that take care of this. All of our sql queries go through a routine where we pass the user data in an array, and each one is sanitized/escaped properly before actually being passed to MySQL. So we haven't had an issue with this since 7.0 came out.