Description
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
Remediation
References
Related Vulnerabilities
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2010-2952)
XWiki Incorrect Authorization Vulnerability (CVE-2023-50732)
WordPress Plugin HUSKY-Products Filter Professional for WooCommerce SQL Injection (1.3.6)
WordPress Plugin File Browser, Manager, Backup (+ Database) Security Bypass (1.23)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8656)