Description
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.
Remediation
References
Related Vulnerabilities
WordPress Plugin McAvoy Cross-Site Scripting (0.1.0)
Oracle Database Server CVE-2013-3771 Vulnerability (CVE-2013-3771)
WordPress 4.2.x Arbitrary File Deletion Vulnerability (4.2 - 4.2.20)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5665)
WordPress Plugin Twitter Cards Meta Multiple Vulnerabilities (2.4.5)