Description
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
Remediation
References
Related Vulnerabilities
WordPress Plugin Mingle Forum Multiple Cross-Site Request Forgery Vulnerabilities (1.0.34)
Apache Traffic Server CVE-2015-5206 Vulnerability (CVE-2015-5206)
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2023-28625)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Security Bypass (2.9.2)