Description
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
Remediation
References
Related Vulnerabilities
Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1745)
Seo Panel Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-22643)
WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.16)
WordPress Plugin WP Web Scraper Unspecified Vulnerability (2.4)
phpList Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-22249)