Description
An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4299)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6131)
WordPress Plugin WP Image Zoom Local File Inclusion (1.46)
WordPress Plugin AStickyPostOrderER Cross-Site Scripting (0.3.1)
WordPress Plugin Greenshift-animation and page builder blocks Cross-Site Scripting (4.8.8)