Description
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog)
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2006-0267 Vulnerability (CVE-2006-0267)
XWiki Incorrect Authorization Vulnerability (CVE-2023-32069)
WordPress Plugin Video.js-HTML5 Video Player for Wordpress Cross-Site Scripting (3.2.3)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5497)