A warning from its developer team vBulletin informs its customers that there is a security vulnerability in vBSEO, a sub-application for search engine optimization. managers are advised to opt for a different tool for SEO work.
Administrators waiting for an update to fix the issue are informed by vBulletin that there is a solution to the issue. This is to disable 2 code lines within vBSEO / includes / functions_vbseo_hook.php.
These two lines are as follows:
// if (isset ($ _ REQUEST ['ajax']) && isset ($ _ SERVER ['HTTP_REFERER']))
// $ permalinkurl = $ _SERVER ['HTTP_REFERER'] $ permalinkurl;
If you are also running the Suspect File Versions diagnostic tool, then you will need to create a new MD5 for the file you have changed.
However, η vBulletin warns in the email that proposes the above amendment that it does not warrant that exploitation of the security vulnerability (referred to as CVE-2014-9463) will no longer be possible, and that the vBulletin team is not responsible if something's wrong.
The recommendation for administrators is to completely remove vBSEO from the system and choose a different tool for optimizing SEO.