Description
MediaWiki versions older than 1.22.2, 1.21.5 and 1.19.11 are affected by a remote code execution vulnerability if file upload support is enabled for DjVu (natively supported by MediaWiki) or for PDF (in combination with the PdfHandler extension). Neither file type is enabled by default in MediaWiki installations. If you are affected, we strongly urge you to update immediately.
Remediation
Update to the latest version of MediaWiki.
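To triage an installation against the two conditions in the description (an affected version plus DjVu or PDF uploads enabled), the following added example, which is not part of the original advisory or of MediaWiki, checks a version string and the text of a LocalSettings.php. It assumes uploads are configured through the standard `$wgEnableUploads` and `$wgFileExtensions` settings, that PdfHandler is loaded from LocalSettings.php, and that branches with no fix listed here are affected when older than 1.22; the sample configuration is constructed.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(1, 19): 11, (1, 21): 5, (1, 22): 2}

# Constructed sample LocalSettings.php (not taken from a real site).
SAMPLE = '''<?php
$wgEnableUploads = true;
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'djvu' );
// $wgFileExtensions[] = 'pdf';
'''

def version_affected(version):
    """True if `version` predates the fixed release for its branch."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]
    # Assumption: a branch with no listed fix is affected if older than 1.22.
    return (major, minor) < (1, 22)

def strip_php_comments(src):
    """Drop block comments and whole-line # or // comments."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)^\s*(#|//).*$", "", src)

def risky_upload_types(local_settings):
    """Return which of the advisory's file types this config accepts."""
    src = strip_php_comments(local_settings)
    if not re.search(r"\$wgEnableUploads\s*=\s*true\s*;", src, re.I):
        return set()
    exts = set()
    # Every statement that assigns or appends to $wgFileExtensions.
    for stmt in re.findall(r"\$wgFileExtensions\b[^;]*;", src):
        exts.update(e.lower() for e in re.findall(r"['\"](\w+)['\"]", stmt))
    found = {"djvu"} & exts
    # PDF only counts in combination with the PdfHandler extension.
    if "pdf" in exts and "PdfHandler" in src:
        found.add("pdf")
    return found

def assess(version, local_settings):
    types = risky_upload_types(local_settings)
    return {"risky_types": sorted(types),
            "exposed": version_affected(version) and bool(types)}

if __name__ == "__main__":
    print(assess("1.22.1", SAMPLE))
```

A result of `exposed: False` on a fixed version with DjVu or PDF uploads enabled still lists the file types, which is useful when confirming that an upgrade, rather than a configuration change, is what closed the exposure.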