• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

ToggleME 3.1.4

No permission to download

Similar threads

XenForo Rocks

Team Member
+Lifetime VIP+
True Member
XenForo Rocks updated ToggleME with a new update entry:

Version 3.1.4 released

Version 3.1.4 released
Sanitize strings in the option page to avoid XSS injection from the admin side. Thanks to Julien from RCE Security for his POC. I'm quoted him :
"To successfully exploit this vulnerability, a user with rights to add or change user group titles, style titles or category titles must trick another authenticated user with access rights to the administrative panel to visit the affected configuration page of the plugin."
By the way the version 3.1.3 was never...
Read the rest of this update entry...

Similar threads