Description
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Scripting (4.0.4)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1240)
WordPress Plugin SEO Plugin LiveOptim Multiple Vulnerabilities (1.1.8-free)
WordPress Plugin Staff Directory-Employee Directory for WordPress Unspecified Vulnerability (3.6.1)