Wikimedia Foundation — Vulnerabilities & Security Advisories 107

Browse all 107 CVE security advisories affecting Wikimedia Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-32700 | AbuseFilter log interfaces expose global private and hidden filters when central DB is not available — MediaWiki (CWE-200) | 7.5 (AI) | High (AI) | 2025-04-10 |
| CVE-2025-32699 | Potential javascript injection attack enabled by Unicode normalization in Action API — MediaWiki (CWE-79) | 9.1 (AI) | Critical (AI) | 2025-04-10 |
| CVE-2025-32698 | LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions — MediaWiki (CWE-200) | 7.5 (AI) | High (AI) | 2025-04-10 |
| CVE-2025-32697 | Cascading protection is not preventing file reversions — MediaWiki (CWE-281) | 8.2 (AI) | High (AI) | 2025-04-10 |
| CVE-2025-32696 | "reupload-own" restriction can be bypassed by reverting file — MediaWiki (CWE-281) | 7.5 (AI) | High (AI) | 2025-04-10 |
| CVE-2025-3469 | i18n XSS vulnerability in HTMLMultiSelectField when sections are used — MediaWiki (CWE-79) | 6.1 (AI) | Medium (AI) | 2025-04-10 |
| CVE-2025-23074 | Special:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed) — Mediawiki - SocialProfile Extension (CWE-200) | 9.1 | - | 2025-01-14 |
| CVE-2025-23073 | API list=globalblocks can reveal IP of autoblock if username and IP are included in the bgtargets parameter — Mediawiki - GlobalBlocking Extension (CWE-200) | 7.5 | - | 2025-01-14 |
| CVE-2025-23072 | XSS in Special:RefreshSpecial — Mediawiki - RefreshSpecial Extension (CWE-79) | 6.1 | - | 2025-01-14 |
| CVE-2025-23081 | Various security vulnerabilities in Extension:DataTransfer — Mediawiki - DataTransfer Extension (CWE-352) | 9.6 | - | 2025-01-14 |
| CVE-2025-23080 | XSSes in Special:BadgeView — Mediawiki - OpenBadges Extension (CWE-79) | 6.1 | - | 2025-01-14 |
| CVE-2025-23079 | XSSes in Extension:ArticleFeedbackv5 — Mediawiki - ArticleFeedbackv5 extension (CWE-79) | 6.1 | - | 2025-01-10 |
| CVE-2025-23078 | XSS in BreadCrumbs2 — Mediawiki - Breadcrumbs2 extension (CWE-79) | 6.1 | - | 2025-01-10 |
| CVE-2013-4572 | MediaWiki authorization issue vulnerability — MediaWiki | 9.8 | - | 2020-02-06 |
| CVE-2013-6451 | MediaWiki cross-site scripting vulnerability — MediaWiki | 6.1 | - | 2020-01-28 |
| CVE-2013-6455 | MediaWiki CentralAuth information disclosure vulnerability — MediaWiki | 5.3 | - | 2020-01-28 |
| CVE-2013-4303 | MediaWiki cross-site scripting vulnerability — MediaWiki | 6.1 | - | 2019-12-11 |

This page lists every published CVE security advisory associated with Wikimedia Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.