VYPR

Mediawiki Extensions Checkuser

by Wikimedia Foundation

Source repositories

CVEs (5)

  • CVE-2025-53479MedJul 8, 2025
    risk 0.35cvss 5.4epss 0.00

    The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This…

  • CVE-2025-53480MedJul 8, 2025
    risk 0.35cvss 5.4epss 0.00

    The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when…

  • CVE-2025-61650LowFeb 3, 2026
    risk 0.07cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from *…

  • CVE-2025-61649LowFeb 3, 2026
    risk 0.07cvss epss 0.00

    Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309.

  • CVE-2025-61647LowFeb 3, 2026
    risk 0.03cvss epss 0.00

    Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php. This issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4.