Wikimedia Foundation — Vulnerabilities & Security Advisories 107

Browse all 107 CVE security advisories affecting Wikimedia Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-7363 | TitleIcon: Stored Cross-Site Scripting (XSS) via #titleicon_unicode parser function — Mediawiki - TitleIcon extension (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-07-08 |
| CVE-2025-7362 | MsUpload: Stored Cross-Site Scripting (XSS) via unsanitized msu-continue system message — Mediawiki - MsUpload extension (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-07-08 |
| CVE-2025-53479 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:CheckUser via unsanitized internationalized message — Mediawiki - CheckUser extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-08 |
| CVE-2025-53480 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate (Account information tab) via unsanitized i18n messages — Mediawiki - CheckUser extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-08 |
| CVE-2025-53496 | Stored XSS in MediaSearch — Mediawiki - MediaSearch Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-53488 | Stored XSS in WikiHiero — Mediawiki - WikiHiero Extension (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-53498 | Lack of Audit Logging in AbuseFilter — Mediawiki - AbuseFilter Extension (CWE-778) | 5.3 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-53499 | Unauthorized Inspection of Protected Variables in AbuseFilter — Mediawiki - AbuseFilter Extension (CWE-862) | 9.8 (AI) | Critical (AI) | 2025-07-07 |
| CVE-2025-53495 | Unauthorized Disclosure of IP Reputation in AbuseFilter — Mediawiki - AbuseFilter Extension (CWE-862) | 9.8 (AI) | Critical (AI) | 2025-07-07 |
| CVE-2025-53478 | CheckUser: Reflected Cross-Site Scripting (XSS) in Special:Investigate via unsanitized i18n messages — Mediawiki - CheckUser extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-53497 | Stored XSS in RelatedArticles — Mediawiki - RelatedArticles Extension (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-53491 | XSS in FlaggedRevs — Mediawiki - FlaggedRevs Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-53487 | ApprovedRevs: Stored Cross-Site Scripting (XSS) via unsanitized system messages — Mediawiki - ApprovedRevs extension (CWE-79) | 5.4 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-7057 | Stored XSS in Quiz — Mediawiki - Quiz Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-53486 | WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function — Mediawiki - WikiCategoryTagCloud extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-7056 | Stored XSS in UrlShortener — Mediawiki - UrlShortener Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-53485 | SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes — Mediawiki - SecurePoll extension (CWE-862) | 5.3 | - | 2025-07-04 |
| CVE-2025-53484 | SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input — Mediawiki - SecurePoll extension (CWE-79) | 6.1 | - | 2025-07-04 |
| CVE-2025-53483 | SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery — Mediawiki - SecurePoll extension (CWE-352) | 8.8 | - | 2025-07-04 |
| CVE-2025-53482 | IPInfo: Message key XSS through several IPInfo messages in infobox and popup — Mediawiki - IPInfo Extension (CWE-79) | 6.1 | - | 2025-07-04 |
| CVE-2025-53481 | Denial of service vector on ipinfo/v0/norevision — Mediawiki - IPInfo Extension (CWE-400) | 7.5 | - | 2025-07-04 |
| CVE-2025-6926 | Security Authentication Bypass in CentralAuth — Mediawiki - CentralAuth Extension (CWE-287) | 9.8 (AI) | Critical (AI) | 2025-07-03 |
| CVE-2025-53500 | Stored XSS in MassEditRegex — Mediawiki - MassEditRegex Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-53501 | Content Access Bypass in Scribunto — Mediawiki - Scribunto Extension (CWE-284) | 6.5 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-53502 | HTML injection in FeaturedFeeds — Mediawiki - FeaturedFeeds Extension (CWE-20) | 6.1 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-53489 | XSS in GoogleDocs4MW — Mediawiki - GoogleDocs4MW Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-53490 | Multiple XSS in CampaignEvents — Mediawiki - CampaignEvents Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-53492 | Stored XSS in MintyDocs — Mediawiki - MintyDocs Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-02 |
| CVE-2025-53493 | Stored XSS in MintyDocs — Mediawiki - MintyDocs Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-02 |
| CVE-2025-53494 | Stored XSS in TwoColConflict — Mediawiki - TwoColConflict Extension (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-07-02 |

This page lists every published CVE security advisory associated with Wikimedia Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.