Description
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.
Remediation
References
Related Vulnerabilities
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2018-20148)
WordPress Plugin Disable Comments Cross-Site Request Forgery (1.0.3)
WordPress Plugin Abandoned Cart Lite for WooCommerce SQL Injection (5.8.1)
WordPress Plugin Integration for Contact Form 7 and Salesforce Cross-Site Scripting (1.2.4)