The Wikimedia Foundation — Vulnerabilities & Security Advisories 62

Browse all 62 CVE security advisories affecting The Wikimedia Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|---|
| CVE-2026-39936 | Stored XSS in Score due to usage of non-reserved data attributes | Mediawiki - Score Extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39935 | XSS-via-i18n in localised wiki names | Mediawiki - CampaignEvents Extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39934 | Growth Experiments ReassignMenteesJob runs as an infinite loop | Mediawiki - GrowthExperiments Extension | CWE-835 | 5.9 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39933 | Multiple XSS vulnerabilities in GlobalWatchlist | Mediawiki - GlobalWatchlist Extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39937 | Global vanishing does not completely remove user email | Mediawiki - CentralAuth Extension | CWE-212 | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-22711 | Stored XSS through system messages in WikiLove | Mediawiki - Wikilove Extension | CWE-87 | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2025-11175 | DiscussionTools should use better regex | Mediawiki - DiscussionTools Extension | CWE-917 | 7.5 (AI) | High (AI) | 2026-01-30 |
| CVE-2026-22712 | ApprovedRevs allows bypassing the inline CSS sanitizer | Mediawiki - ApprovedRevs Extension | CWE-116 | 9.1 | - | 2026-01-09 |
| CVE-2026-22713 | Stored XSS through edit summaries in GrowthExperiments | Mediawiki - GrowthExperiments Extension | CWE-79 | 6.1 | - | 2026-01-09 |
| CVE-2026-22714 | i18n XSS, DoS and config SQLI in Monaco | Mediawiki - Monaco Skin | CWE-79 | 6.1 | - | 2026-01-08 |
| CVE-2026-22710 | Stored XSS through autocomment system messages in Wikibase | Mediawiki - Wikibase Extension | CWE-79 | 6.1 | - | 2026-01-08 |
| CVE-2025-62659 | The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors | MediaWiki CookieConsent extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-22 |
| CVE-2025-62661 | Do permission checking when getting counts of global and local edits, new articles and thanks | Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension | CWE-276 | 7.5 (AI) | High (AI) | 2025-10-21 |
| CVE-2025-12004 | The compare API module breaks Extension:Lockdown | Mediawiki - Lockdown Extension | CWE-732 | 8.8 (AI) | High (AI) | 2025-10-21 |
| CVE-2025-62701 | Stored XSS through system messages | Mediawiki - Wikistories | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-62702 | Stored XSS through system messages | Mediawiki - PageTriage Extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-62694 | Stored XSS through a system message | Mediawiki - WikiLove Extension | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-62695 | Stored XSS through system messages | Mediawiki - WikiLambda Extension | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-62696 | Multiple critical security issues in Springboard | Mediawiki Foundation - Springboard Extension | CWE-77 | 9.8 (AI) | Critical (AI) | 2025-10-21 |
| CVE-2025-62699 | Special:Translate tool does not use the correct IP and User-Agent in the CheckUser tool | Mediawiki - Translate Extension | CWE-200 | 6.5 (AI) | Medium (AI) | 2025-10-21 |
| CVE-2025-62658 | SQL injection in WatchAnalytics through Special:ClearPendingReviews | MediaWiki WatchAnalytics extension | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-10-20 |
| CVE-2025-62657 | Stored XSS through system messages in PageForms | MediaWiki PageForms extension | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-20 |
| CVE-2025-62656 | GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS | MediaWiki GlobalBlocking extension | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-20 |
| CVE-2025-62697 | Improperly sanitized style parameter in LanguageSelector | Mediawiki - LanguageSelector Extension | CWE-74 | 9.8 (AI) | Critical (AI) | 2025-10-20 |
| CVE-2025-62698 | Stored XSS through system messages in ExternalGuidance | Mediawiki - ExternalGuidance | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-20 |
| CVE-2025-62700 | Stored XSS through a system message in MultiBoilerplate | Mediawiki - MultiBoilerplate Extensionmaste | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-20 |
| CVE-2025-62693 | Stored XSS through system messages in LastModified | Mediawiki - LastModified Extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-20 |
| CVE-2025-11937 | Stored XSS through a system message in SecurePoll | Mediawiki - SecurePoll Extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-18 |
| CVE-2025-62666 | DoS vector through the cirrusbuilddoc query API | Mediawiki - CirrusSearch Extension | CWE-770 | 7.5 (AI) | High (AI) | 2025-10-18 |
| CVE-2025-62667 | Stored XSS through article extracts in GrowthExperiments | Mediawiki - GrowthExperiments Extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-18 |

This page lists every published CVE security advisory associated with The Wikimedia Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.