Description
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it runs at a later time (due to the job queue backlog).
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3546)
WordPress Plugin jRSS Widget Server-Side Request Forgery (1.2)
MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4624)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4112)