The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2019-5275 Related Report None Severity MEDIUM Exploit Difficulty NORMAL Platform XenForo Description Permissions Escalation. Using template parameters in alternate parser types, such as plain-text, makes it possible to render content using settings from the wrong area. Does not affect Lite versions.
Discovered June 12, 2019 Resolved July 12, 2019 Patches Available 4.1.0 Beta 2
4.0.26 Patch Level 2
4.0.25 Patch Level 4
4.0.24 Patch Level 6
Workaround In AdminCP > Wiki > Structures > Content Types, disable the Template type.
This page has been seen 614 times.