VYPR

Push extension

by MediaWiki

CVEs (2)

  • CVE-2020-29004HigJan 29, 2021
    risk 0.57cvss 8.8epss 0.01

    The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.

  • CVE-2020-29005HigJan 29, 2021
    risk 0.49cvss 7.5epss 0.01

    The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.