Description
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail bypasses the re-authentication step, which could allow account takeover.
Remediation
References