A security issue has been reported to the vBulletin team. To fix this issue, we have created a new security patch.

You can download the patch for your version in the Member's Area

We have made patches available for the following versions of vBulletin Connect:
  • 5.6.4 PL1
  • 5.6.3 PL1
  • 5.6.2 PL2


Installing the Patch

For the best results with your vBulletin site, it is recommended to upgrade to vBulletin 5.6.4 PL1 if you are not using 5.6.4 currently.
  1. Download the appropriate files for your version of vBulletin 5.6.X
  2. Upload all files found within the zip file to your server. Make sure to overwrite the existing files on your server.
  3. Run the upgrade scripts included in the patch on your server. (/core/install/upgrade.php)
  4. When the upgrade process ends, delete the /core/install directory from your server.


Older Versions

All older versions should be considered vulnerable. Sites running older versions of vBulletin need to be upgraded to vBulletin 5.6.4 as soon as possible. For more information on upgrading please see Quick Overview: Upgrading vBulletin Connect in the support forums.

vBulletin Cloud

vBulletin Cloud sites have been patched.