Critical vulnerability in vBSEO patched
The developers of the vBSEO extension to the vBulletin forum software have closed a critical vulnerability in their plugin. The vBSEO plugin adds search engine optimisation (SEO) functionality to the vBulletin core code.
The vulnerability – an SQL injection flaw which allows attackers to execute commands and manipulate the contents of the forum's database – comes only a short time after the developers patched another flaw, which was recently misused to attack online forums en masse.
Affected users can download the patched versions of 3.3.x, 3.5.x and 3.6.0 from the download area (login required) of the vBSEO web site. The vBSEO forum also provides instructions how to close the security hole manually. Since an exploit has already been found in the wild, users should update their installations immediately.