Description
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead.
Remediation
References
Related Vulnerabilities
WordPress Plugin Testimonial Slider Multiple Cross-Site Scripting Vulnerabilities (1.2.5)
WordPress Plugin Variation Swatches for WooCommerce Cross-Site Scripting (1.0.61)
WordPress Plugin wpDataTables-WordPress Tables & Table Charts Arbitrary File Upload (1.5.3)
Oracle Database Server CVE-2007-2115 Vulnerability (CVE-2007-2115)
WordPress Plugin WooCommerce Conversion Tracking Cross-Site Request Forgery (2.0.4)