Description

An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.

Remediation

References

CVE-2023-45371

Related Vulnerabilities

WordPress Plugin Simple Security Multiple Cross-Site Scripting Vulnerabilities (1.1.5)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-32071)

WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-34305)

WordPress Plugin Font Awesome Information Disclosure (4.0.0-rc16)

Moodle Missing Authorization Vulnerability (CVE-2025-32045)

Severity

High

Classification

CVE-2023-45371 CWE-770 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities