The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2018-4485 Related Report None Severity LOW Exploit Difficulty NORMAL Platform Affects all platforms supported by the vulnerable versions. Description Permissions Escalation. VWE-2017-4318 was incorrectly applied. Users may be able to view the titles of content in a Similar Content block, without permission to view that content, by leveraging the WIDGET BB-Code. Does not affect Lite versions.
Discovered February 16, 2018 Resolved March 16, 2018 Patches Available 4.0.21 Patch Level 1
4.0.20 Patch Level 4
4.0.19 Patch Level 7
4.0.18 Patch Level 8
4.0.17 Patch Level 10Workaround In your AdminCP, go to your forum's Custom BB-Codes manager, and locate the WIDGET BB-Code. In the BB-Code's settings:
- Set Wiki-Related Options > Parse BB-Code in Wiki pages? = No.
Set Wiki-Related Options > Parse BB-Code in non-wiki messages? = No.