I have found that it is easily possible to break the 30 limit. (I have tested this on two forums and will demonstrate below) There is a small gap right after 30 second timer ends that a user can send as many post requests and possible and have them all posted. You don't need to send post requests. It is easily accomplished on a user's profile page because there is no time where after you post the button becomes deactivated. Test for this bug : https://xenforo.com/community/members/awkward_potato.96135/ This is not limited to any amount of posts or just to profile posts. This can be used for major spam.