VWE-2019-5150 Viewing Source [template]Vulnerability | cve= | aka= | severity=Medium | difficulty=Easy | description=Permissions Escalation. By guessing the correct editor URL, users can post new wiki content without proper permissions. The issue affects new content only; edits to existing content are unaffected. | platform= | lite= | issueid= | discover-date=March 28, 2019 | patch-date=May 2, 2019 | patches=4.1.0 Beta 1 | workaround=In your Wiki Permissions, for each usergroup that should not permitted to create all content, update all permissions like "Are new [X] NOT moderated?" to NO. This will catch all new content in the moderation queue, including content created without permission. [/template] 694 characters