CVE ID :CVE-2025-71281 Published : April 1, 2026, 1:16 a.m. | 1 hour, 8 minutes ago Description :XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potentially allowing unauthorized method invocations. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...