Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.

Remediation

References

CVE-2021-31554

Related Vulnerabilities

WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Cross-Site Scripting (2.4.13)

Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-4315)

OpenSSL Other Vulnerability (CVE-2015-0207)

Tornado URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-28370)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Security Bypass (1.3.75)

Severity

Medium

Classification

CVE-2021-31554 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities