UNKNOWN
CVE-2025-71281
XenForo Template Method Call Restriction Bypass
Platform: php
Component: xenforo
Fixed in: 2.3.7
XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potentially allowing unauthorized method invocations.
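The difference between the two checks described above, as an added example (not XenForo source code): the prefix list, the `DemoEntity` class and its method names are hypothetical and chosen only to show where a loose prefix match and a first-word match disagree.

```php
<?php
// Added illustration, not XenForo source. The prefix list, class and
// method names are hypothetical.
const ALLOWED_PREFIXES = ['get', 'is', 'has', 'can'];

final class DemoEntity
{
    public function isVisible(): bool { return true; }
    public function getTitle(): string { return 'demo'; }
    public function issueToken(): string { return 'state-changing'; }
    public function hashPassword(): string { return 'state-changing'; }
}

// Loose check: accepts any name that merely begins with an allowed prefix.
function allowedByPrefix(string $method): bool
{
    foreach (ALLOWED_PREFIXES as $prefix) {
        if (stripos($method, $prefix) === 0) {
            return true;
        }
    }
    return false;
}

// Strict check: the first camelCase word of the declared name must equal
// an allowed prefix. PHP resolves method names case-insensitively, so the
// declared spelling is taken from reflection, not from the caller's input.
function allowedByFirstWord(object $target, string $method): bool
{
    if (!method_exists($target, $method)) {
        return false;
    }
    $declared = (new ReflectionMethod($target, $method))->getName();
    if (!preg_match('/^[a-z]+/', $declared, $m)) {
        return false;
    }
    return in_array($m[0], ALLOWED_PREFIXES, true);
}

$entity = new DemoEntity();
foreach (['isVisible', 'getTitle', 'issueToken', 'hashPassword', 'ISSUETOKEN'] as $name) {
    printf("%-13s prefix=%-3s first-word=%s\n", $name,
        allowedByPrefix($name) ? 'yes' : 'no',
        allowedByFirstWord($entity, $name) ? 'yes' : 'no');
}
```

Names such as `issueToken` and `hashPassword` pass the prefix check because they start with `is` and `has`, while the first-word check rejects them because their first words are `issue` and `hash`.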
How to fix
Upgrade XenForo to version 2.3.7 or later. This version fixes the vulnerability that allows unauthorized method invocation through templates. The update ensures that the proper restrictions are applied to method calls.