A security issue has been reported to us that affects the versions of vBulletin listed here: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 We have released security patches to account for this vulnerability. The patch resolves a potential Cross-Site Forgery Request in the authorization system. It is recommended that all users install the patch provided for their version as soon as possible.
You can download the patch for your version here: http://members.vbulletin.com/patches.php
As part of our maintenance of Cloud Sites, we have applied the patch to those sites. If necessary, we will contact Cloud Customers with further information.
The current vBulletin 5.1.3 Alpha will include this fix on its next release. vBulletin 5.1.3 Alpha should not considered suitable for production or live servers.
Patch version numbers are:
Security patch: 5.1.2 PL2
Security patch: 5.1.1 PL2
Security patch: 5.1.0 PL3
Security patch: 5.0.5 PL4
Security patch: 5.0.4 PL5
Security patch: 5.0.3 PL4
Security patch: 5.0.2 PL5
Security patch: 5.0.1 PL4
Security patch: 5.0.0 PL4
All patches can be downloaded at http://members.vbulletin.com/patches.php
To install the patch for your version, upload the files included in the downloaded patch package and overwrite the existing files on your server.