Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.

Remediation

References

CVE-2021-31554

Related Vulnerabilities

WordPress Plugin Tutor LMS-eLearning and online course solution Insecure Direct Object Reference (2.7.0)

WordPress Plugin Double Opt-In for Download Multiple Cross-Site Scripting Vulnerabilities (2.1.5)

WordPress Plugin 123devis-affiliation Cross-Site Scripting (1.0.4)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.42)

WordPress Plugin Question and Answer Forum 'title' Variable Cross-Site Scripting (1.2.4)

Severity

Medium

Classification

CVE-2021-31554 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities