VYPR

AbuseFilter extension

by MediaWiki

CVEs (4)

  • CVE-2021-36126CriJul 2, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This…

  • CVE-2021-31554MedApr 22, 2021
    risk 0.35cvss 5.4epss 0.00

    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.

  • CVE-2021-31545MedApr 22, 2021
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted MediaWiki usernames, related to rev_deleted.

  • CVE-2021-31547MedApr 22, 2021
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.