The Wikimedia Foundation — Vulnerabilities & Security Advisories 62

Browse all 62 CVE security advisories affecting The Wikimedia Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-62668 | Insufficient permission checks in action=growthsetmentor — Mediawiki - GrowthExperiments Extension | CWE-276 | 7.5 (AI) | High (AI) | 2025-10-18 |
| CVE-2025-62669 | UserInfoCard: activeLocalBlocksAllWikis does not do permissions checks — Mediawiki - CentralAuth Extension | CWE-200 | 7.5 (AI) | High (AI) | 2025-10-18 |
| CVE-2025-62670 | Stored XSS through a system message in FlexDiagrams — Mediawiki - FlexDiagrams Extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-18 |
| CVE-2025-62671 | Stored XSS through wikitext in Cargo — Mediawiki - Cargo Extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-18 |
| CVE-2025-62662 | Stored XSS through system messages in AdvancedSearch — Mediawiki - AdvancedSearch Extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-18 |
| CVE-2025-62663 | Stored XSS through a system message in UploadWizard — Mediawiki - UploadWizard Extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-18 |
| CVE-2025-62664 | Stored XSS through a system message in ImageRating — Mediawiki - ImageRating Extension | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-18 |
| CVE-2025-62655 | SQL injection in Cargo via Special:CargoExport — MediaWiki Cargo extension | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-62654 | Stored XSS through system messages in QuizGame — MediaWiki QuizGame extension | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-62653 | Stored XSS through system messages in PollNY — MediaWiki PollNY extension | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-62652 | Stored XSS in WebAuthn key name — MediaWiki WebAuthn extension | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-32077 | XSSes in Extension:SimpleCalendar — Mediawiki - Extension:SimpleCalendar | CWE-20 | 6.1 (AI) | Medium (AI) | 2025-04-11 |
| CVE-2025-32078 | XSSes and potential RCE in Special:VersionCompare — Mediawiki - Version Compare Extension | CWE-116 | 6.1 (AI) | Medium (AI) | 2025-04-11 |
| CVE-2025-32079 | Saving the right content to MediaWiki:GrowthMentors.json can take down the site — Mediawiki - GrowthExperiments | CWE-20 | 7.5 (AI) | High (AI) | 2025-04-11 |
| CVE-2025-32080 | Cross-origin data leak in mobilefrontend via lazy load images — Mediawiki - Mobile Frontend Extension | CWE-200 | 5.3 (AI) | Medium (AI) | 2025-04-11 |
| CVE-2025-32076 | Evil regex used to process user-provided data in VisualData — Mediawiki - Visual Data Extension | CWE-20 | 7.5 (AI) | High (AI) | 2025-04-11 |
| CVE-2025-32072 | HTML injection in feed output from i18n message — Mediawiki Core - Feed Utils | CWE-116 | 6.5 (AI) | Medium (AI) | 2025-04-11 |
| CVE-2025-32073 | System message XSS in HTMLTags — Mediawiki - HTML Tags | CWE-20 | 6.1 (AI) | Medium (AI) | 2025-04-11 |
| CVE-2025-32074 | XSSes in Extension:ConfirmAccount — Mediawiki - Confirm Account Extension | CWE-116 | 6.1 (AI) | Medium (AI) | 2025-04-11 |
| CVE-2025-32075 | IP and user agent leaks in Extension:Tabs — Mediawiki - Tabs Extension | CWE-20 | 9.8 (AI) | Critical (AI) | 2025-04-11 |
| CVE-2025-32067 | i18n XSS vulnerability in message growthexperiments — Mediawiki - Growth Experiments Extension | CWE-20 | 6.1 (AI) | Medium (AI) | 2025-04-11 |
| CVE-2025-32068 | Revoking authorization of OAuth2 consumer does not invalidate refresh tokens — Mediawiki - OAuth Extension | CWE-863 | 9.8 (AI) | Critical (AI) | 2025-04-11 |
| CVE-2025-32069 | Wikitext stored XSS on filepages due to dangerous WBMI serialization — Mediawiki - Wikibase Media Info Extension | CWE-20 | 6.1 (AI) | Medium (AI) | 2025-04-11 |
| CVE-2025-32070 | XSSes in AJAXPoll — Mediawiki - AJAX Poll Extension | CWE-20 | 6.1 (AI) | Medium (AI) | 2025-04-11 |
| CVE-2025-32071 | Wikibase CommonsInlineImageFormatter: i18n XSS — Mediawiki - Wikidata Extension | CWE-20 | 6.1 (AI) | Medium (AI) | 2025-04-11 |
| CVE-2024-47841 | Path traversal when loading stylesheets — Mediawiki - CSS Extension | CWE-22 | 7.5 | - | 2024-10-05 |
| CVE-2024-47840 | Stored XSS through sidebar in Apex skin — Mediawiki - Apex skin | CWE-79 | 6.1 | - | 2024-10-05 |
| CVE-2024-47847 | Various XSSes found in Cargo — Mediawiki - Cargo | CWE-79 | 6.1 | - | 2024-10-05 |
| CVE-2024-47846 | Special:DeleteCargoTable and Special:SwitchCargoTable have no CSRF protection — Mediawiki - Cargo | CWE-352 | 8.8 | - | 2024-10-05 |
| CVE-2024-47849 | Backticks can allow the usage of not-allowed SQL functions — Mediawiki - Cargo | CWE-89 | 9.8 | - | 2024-10-05 |

This page lists every published CVE security advisory associated with The Wikimedia Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.