A warning from its developer team vBulletin informs its customers that a vulnerability exists security in vBSEO, a sub-application for engine optimization search. administrators are advised to choose a different tool for SEO work.
Administrators waiting for an update to fix the issue are informed by vBulletin that there is a solution to the issue. This is to disable 2 code lines within vBSEO / includes / functions_vbseo_hook.php.
These two lines are as follows:
// if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))
// $permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;
If you are also running the Suspect File Versions diagnostic tool, then you will need to create a new MD5 for the file you have changed.
However, η vBulletin warns in the email that proposes the above amendment that it does not warrant that exploitation of the security vulnerability (referred to as CVE-2014-9463) will no longer be possible, and that the vBulletin team is not responsible if something's wrong.
The recommendation for administrators is to completely remove vBSEO from the system and choose a different tool for optimizing SEO.