Vulnerability: CVE-2025-71281 (CVSS 8.8)


GitHub Advisory Database · GitHub Security · 4/1/2026, 3:31:40 AM

Summary

XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potentially allowing unauthorized method invocations.
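
The difference between the two matching rules named in the summary, as an added illustration that is not XenForo's code. The allowlist, the function names and the sample method names are all assumptions constructed for this example.

```php
<?php
// Hypothetical allowlist of "safe" first words for template-callable methods.
// Constructed for illustration; not taken from XenForo.
const ALLOWED_FIRST_WORDS = ['get', 'is', 'has', 'can'];

/** Loose rule: the name only has to start with an allowed string. */
function isAllowedLoose(string $method): bool
{
    foreach (ALLOWED_FIRST_WORDS as $prefix) {
        if (stripos($method, $prefix) === 0) {
            return true;
        }
    }
    return false;
}

/** First word of a camelCase or snake_case name, lowercased ('' if none). */
function firstWord(string $method): string
{
    // One leading letter plus the lowercase run after it; the word ends at
    // the next uppercase letter, digit or underscore.
    if (!preg_match('/^[A-Za-z][a-z]*/', $method, $m)) {
        return '';
    }
    return strtolower($m[0]);
}

/** Strict rule: the whole first word must equal an allowlist entry. */
function isAllowedStrict(string $method): bool
{
    return in_array(firstWord($method), ALLOWED_FIRST_WORDS, true);
}

// Constructed method names: the first three are intended accessors, the
// rest only share leading characters with an allowlist entry.
$samples = ['getTitle', 'isVisible', 'hasPermission',
            'issueRefund', 'hashPassword', 'cancelOrder', 'delete'];

foreach ($samples as $name) {
    printf("%-14s loose=%-5s strict=%s\n",
        $name,
        var_export(isAllowedLoose($name), true),
        var_export(isAllowedStrict($name), true));
}
```

Names such as `issueRefund`, `hashPassword` and `cancelOrder` pass the loose rule because they begin with `is`, `has` and `can`, while the first-word rule rejects them.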

Metadata

Article ID: #480312
Source: GitHub Advisory Database
Scraped At: 4/1/2026, 6:10:24 AM
URL Hash: 85515d309c49034b…