Description
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.
Remediation
References
Related Vulnerabilities
WordPress Plugin MapPress Maps for WordPress Cross-Site Request Forgery (2.53.8)
Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21690 )
WordPress 3.7.x Arbitrary File Deletion Vulnerability (3.7 - 3.7.26)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.113)
WordPress Plugin JobSearch WP Job Board Cross-Site Scripting (1.5.1)