Description
An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces.
Remediation
References
Related Vulnerabilities
WordPress Plugin MF Gig Calendar Cross-Site Scripting (1.1)
WordPress Plugin WooCommerce Save For Later Cart Enhancement PHP Object Injection (1.0.6)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.15)
WordPress Plugin Post Duplicator Cross-Site Scripting (2.16)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2024-25605)