VWE-2018-4485 Viewing Source [template]Vulnerability | cve= | aka= | severity=Low | difficulty=Normal | description=Permissions Escalation. [wiki]VWE-2017-4318[/wiki] was incorrectly applied. Users may be able to view the titles of content in a Similar Content block, without permission to view that content, by leveraging the WIDGET BB-Code. | lite=no | discover-date=February 16, 2018 | patch-date=March 16, 2018 | patches=4.0.21 Patch Level 1 4.0.20 Patch Level 4 4.0.19 Patch Level 7 4.0.18 Patch Level 8 4.0.17 Patch Level 10 | workaround=In your AdminCP, go to your forum's Custom BB-Codes manager, and locate the WIDGET BB-Code. In the BB-Code's settings: [list][*]Set Wiki-Related Options > Parse BB-Code in Wiki pages? = No. Set Wiki-Related Options > Parse BB-Code in non-wiki messages? = No.[/list] [/template] 809 characters