Description
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension.
Remediation
References
Related Vulnerabilities
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0093)
PHP CVE-2004-0542 Vulnerability (CVE-2004-0542)
WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Security Bypass (3.5.4)
WordPress Plugin Simple Job Board Cross-Site Scripting (2.4.3)
WordPress Plugin Simple Events Calendar SQL Injection (1.4.0)