Issue List
VWE-2019-5275 is a Permissions Escalation issue, by which using template parameters in alternate parser types, such as plain-text, makes it possible to render content using settings from the wrong area. The issue affects VaultWiki 4.0.7 and higher, as well as patches for VWE-2015-1601. It only affects XenForo-based platforms.Patches
As of July 12, 2019, the following patches address the aforementioned issue:- 4.0.26 Patch Level 2
- 4.0.25 Patch Level 4
- 4.0.24 Patch Level 6
4.1.x Issues
Since beta versions are not subject to the same patching policy as stable versions, the following issues will be patched in the next release of the 4.1.x branch, 4.1.0 Beta 2, in addition to any relevant issues listed above.VWE-2019-5280 is a Subscription Management issue, where users may receive push notifications about wiki content, even though they have opted out of those notifications, as long as they are opted in to the corresponding alerts. The issue affects 4.1.0 Alpha 2 and higher, on XenForo 2.1 or higher.