Description
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
Remediation
References