Description
An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery Unspecified Vulnerability (2.0.77.3)
WordPress Plugin YITH WooCommerce Gift Cards Security Bypass (1.3.7)
MySQL CVE-2017-10384 Vulnerability (CVE-2017-10384)
WordPress Plugin Markdown on Save Improved Cross-Site Scripting (2.5)
WordPress Plugin Chameleoni Jobs Multiple Cross-Site Scripting Vulnerabilities (1.2.2)