All known vulnerabilities
Severity | Score | CVE | Title | Affected versions
CRITICAL | 9.8 | CVE-2023-29141 | X-Forwarded-For header allows brute-forcing autoblocked IP addresses | >= 1.39.0, < 1.39.3
CRITICAL | 9.8 | CVE-2019-12468 | Wikimedia MediaWiki Incorrect Access Control vulnerability | >= 1.27.0, < 1.27.6
>= 1.27.0, < 1.27.6
from 0, < 1.35.12
HIGH | 7.5 | CVE-2020-25827 | OATHAuth extension in MediaWiki is not implementing rate limit | >= 1.31.0, < 1.31.9
>= 1.27.0, < 1.27.6
HIGH | 7.5 | CVE-2019-12473 | Wikimedia Potential DOS due to slow WatchedItemStore::countVisitingWatchersMultiple | >= 1.27.0, < 1.27.6
>= 1.18.0, < 1.27.6
MEDIUM | 6.5 | CVE-2019-12470 | Wikimedia MediaWiki exposed suppressed log in RevisionDelete page | >= 1.27.0, < 1.27.6
MEDIUM | 6.5 | CVE-2019-12469 | MediaWiki Incorrect Access Control vulnerability | >= 1.27.0, < 1.27.6
MEDIUM | 6.5 | CVE-2018-0505 | Mediawiki BotPassword can bypass CentralAuth's account lock | >= 1.27.0, < 1.27.5
MEDIUM | 6.5 | CVE-2018-0504 | Mediawiki information disclosure vulnerability | >= 1.27.0, < 1.27.5
MEDIUM | 6.1 | CVE-2020-25814 | MediaWiki Cross-site Scripting (XSS) vulnerability | >= 1.31.0, < 1.31.9
MEDIUM | 6.1 | CVE-2020-25815 | MediaWiki Cross-site Scripting (XSS) vulnerability | >= 1.32.0, < 1.34.3
MEDIUM | 6.1 | CVE-2020-25828 | MediaWiki Cross-site Scripting (XSS) vulnerability | >= 1.31.0, < 1.31.9
MEDIUM | 6.1 | CVE-2020-25812 | MediaWiki Cross-site Scripting (XSS) vulnerability | >= 1.34.0, < 1.34.3
from 0, < 1.34.0-rc.0
>= 1.31.0, < 1.31.6
>= 1.27.0, < 1.27.6
from 0, < 1.36.2
MEDIUM | 5.3 | CVE-2020-25813 | MediaWiki Special:UserRights exposes the existence of hidden users | >= 1.31.0, < 1.31.9
MEDIUM | 5.3 | CVE-2020-10960 | MediaWiki makeCollapsible allows applying event handler to any CSS selector | >= 1.31.0, < 1.31.7
>= 1.31.0, < 1.31.4
MEDIUM | 5.3 | CVE-2019-12467 | MediaWiki Incorrect Access Control vulnerability | from 0, < 1.27.6
>= 1.31.0, < 1.31.1
>= 1.27.0, < 1.27.5
from 0, < 1.31.8
— | — | CVE-2014-2853 | Cross-site scripting vulnerability in includes/actions/InfoAction.php | from 0, < 1.21.9