Description
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
Remediation
References