Description
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.
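The weakness described above is a generic one: an equality check that returns at the first mismatching byte takes longer the more leading bytes the supplied token has right, so an attacker who can measure response times learns the secret one position at a time. The Python below is an added illustration, not MediaWiki code (MediaWiki is PHP, where the fixed-time primitive is hash_equals()). It models both comparison styles with an instrumented comparator that reports how many bytes were examined, so the dependence on the guessed prefix is visible without noisy timing measurements. The function names, the helper work_by_prefix() and the sample token are constructed for this example.

```python
"""Short-circuiting vs. constant-time token comparison (added example).

Each comparator returns (equal, bytes_examined). For a short-circuiting
compare the second value grows with the correctly guessed prefix; for a
constant-time compare it depends only on the token length.
"""
import hmac
from typing import Callable, List, Tuple

Comparator = Callable[[bytes, bytes], Tuple[bool, int]]

# Constructed sample token for the demonstration; a real one is random.
SAMPLE_TOKEN = b"0123456789abcdef"


def naive_compare(expected: bytes, supplied: bytes) -> Tuple[bool, int]:
    """Byte-by-byte compare that stops at the first mismatch.

    This is the shape of an ordinary string equality test (PHP ==,
    Python ==, memcmp-style loops): its running time reveals how many
    leading bytes of the guess were correct.
    """
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        if a != b:
            return False, examined          # early exit leaks the prefix length
    return True, examined


def constant_time_compare(expected: bytes, supplied: bytes) -> Tuple[bool, int]:
    """Compare that ORs all byte differences together and never exits early.

    hmac.compare_digest() does the same thing in C and is what production
    code should call; this hand-written version only exists so the byte
    count can be observed.
    """
    if len(expected) != len(supplied):
        # Do a full pass against ourselves so the length mismatch is not
        # distinguishable by timing, then reject.
        acc = 1
        supplied = expected
    else:
        acc = 0
    for a, b in zip(expected, supplied):
        acc |= a ^ b                         # no branch on the data
    return acc == 0, len(expected)


def work_by_prefix(token: bytes, compare: Comparator) -> List[int]:
    """For guesses sharing k correct leading bytes (k = 0..len(token)),
    return how many bytes the comparator examined for each k.

    A timing side channel exists exactly when this list is not constant.
    """
    counts = []
    for k in range(len(token) + 1):
        # Constructed guess: first k bytes right, every remaining byte wrong.
        wrong_tail = bytes(b ^ 0xFF for b in token[k:])
        guess = token[:k] + wrong_tail
        _, examined = compare(token, guess)
        counts.append(examined)
    return counts


def verify_token(expected: str, supplied: str) -> bool:
    """What a CSRF/watchlist-style token check should look like."""
    return hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    print("short-circuit :", work_by_prefix(SAMPLE_TOKEN, naive_compare))
    print("constant-time :", work_by_prefix(SAMPLE_TOKEN, constant_time_compare))
    print("verify_token  :", verify_token("secret", "secret"), verify_token("secret", "secreT"))
```

For a 16-byte token the first list climbs 1, 2, ..., 16, 16 while the second is 16 everywhere, which is the whole difference between a comparison that can be attacked by timing and one that cannot. In application code, call the library primitive (hmac.compare_digest() in Python, hash_equals() in PHP) rather than hand-rolling the loop, and keep tokens at a fixed length so the length check itself carries no information.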
Related Vulnerabilities
WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.14)
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-20187)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10186)
WordPress Plugin Track That Stat 'data' Parameter Cross-Site Scripting (1.0.8)
WordPress Plugin Zedity: The Easiest Way To Create Posts & Pages Cross-Site Scripting (2.5.0)