Description
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).
Remediation
References
Related Vulnerabilities
WordPress Plugin Logo Carousel Cross-Site Scripting (1.7.1)
MySQL CVE-2019-2587 Vulnerability (CVE-2019-2587)
WordPress Plugin wpCentral Security Bypass (1.4.7)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32472)
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Unspecified Vulnerability (4.10.2)