Description
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.
Remediation
References
Related Vulnerabilities
WordPress Plugin SocialGrid 'default_services' Parameter Cross-Site Scripting (2.3)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0093)
WordPress Plugin WP Super Cache Multiple Vulnerabilities (1.4.4)
WordPress Plugin Child Themes Helper Multiple Vulnerabilities (2.0)