Issue List
VWE-2022-6463 is a Data Loss issue, where a user can unwittingly delete a page when they only want to remove the page's node behavior, such as a book or category. The issue affects VaultWiki 4.1.3 and higher, on XenForo 2.x-based platforms only.VWE-2022-6466 is a Permissions Escalation issue, where users can submit ratings to wiki content that moderators are unable to remove. The issue affects VaultWiki 4.1.0 RC 2 and higher.
VWE-2022-6469 is a Permissions Escalation issue, where when the WIDGET BB-Code's Maximum Items in Widget Output is less than the default number for a variant, some variants may render the default number anyway when the count parameter is unspecified. The issue affects VaultWiki 4.0.11 and higher.
VWE-2022-6470 is a Permissions Escalation issue, where when the WIDGET BB-Code's Maximum Items in Widget Output is less than 25, some variants may render more than permitted. The issue affects VaultWiki 4.0.11 and higher.
Patches
The following patches address the aforementioned issues:- 4.1.5 Patch Level 3
- 4.1.4 Patch Level 5
- 4.1.3 Patch Level 7