Description
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
Remediation
References