Description
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
Remediation
References
Related Vulnerabilities
WordPress Plugin Top Quark Architecture 'script.php' Arbitrary File Upload (2.1.0)
WordPress Plugin YOP Poll Cross-Site Scripting (6.3.2)
SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-21260)
WordPress Plugin Shortcoder-Create Shortcodes for Anything Security Bypass (6.3)
WordPress Plugin WP Forum Server 'edit_post_id' Parameter SQL Injection (1.7)