MediaWiki Security Vulnerabilities (CVEs)

Track 35 security vulnerabilities affecting MediaWiki products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

12 Critical
16 High
7 Medium
CVE-2025-61645 6.1

This is a cross-site scripting (XSS) vulnerability in MediaWiki's CodexTablePager component that allows attackers to inject malicious scripts into web...

Feb 3, 2026
CVE-2024-47847 6.1

This CVE describes a cross-site scripting (XSS) vulnerability in the MediaWiki Cargo extension where user input isn't properly sanitized before being ...

Oct 5, 2024
CVE-2024-47849 9.8

This SQL injection vulnerability in MediaWiki's Cargo extension allows attackers to execute arbitrary SQL commands on the database. It affects MediaWi...

Oct 5, 2024
CVE-2024-40596 4.3

The CheckUser extension for MediaWiki has a vulnerability where the Special:Investigate feature can expose suppressed log event information that shoul...

Jul 7, 2024
CVE-2024-40597 7.5

The CheckUser extension for MediaWiki fails to respect the log_deleted attribute, allowing unauthorized users to view suppressed log information. This...

Jul 7, 2024
CVE-2024-40599 4.8

This stored cross-site scripting (XSS) vulnerability in the GuMaxDD skin for MediaWiki allows attackers to inject malicious scripts into top-level men...

Jul 7, 2024
CVE-2024-40601 6.5

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the MediaWikiChat extension for MediaWiki. Attackers can trick authenticated u...

Jul 7, 2024
CVE-2024-40603 4.3

This CSRF vulnerability in the ArticleRatings MediaWiki extension allows attackers to manipulate article rating data without user consent. Attackers c...

Jul 7, 2024
CVE-2024-40605 4.8

This stored cross-site scripting (XSS) vulnerability in MediaWiki's Foreground skin allows attackers to inject malicious scripts into top-level menu e...

Jul 7, 2024
CVE-2024-34502 9.8

This vulnerability allows unauthenticated attackers to merge lexemes in WikibaseLexeme without proper authorization. It affects MediaWiki installation...

May 5, 2024
CVE-2024-34507 7.4

This vulnerability allows cross-site scripting (XSS) attacks in MediaWiki due to improper handling of the escape character (0x1b) in comment parsing. ...

May 5, 2024
CVE-2023-45371 7.5

This vulnerability allows attackers to perform unlimited item merging operations in Wikibase, potentially disrupting data integrity and availability. ...

Oct 9, 2023
CVE-2023-45363 7.5

This vulnerability in MediaWiki's ApiPageSet.php allows attackers to trigger an infinite loop when querying pages with specific redirect and title con...

Oct 9, 2023
CVE-2023-37303 9.8

This vulnerability in the CheckUser extension for MediaWiki allows denial-of-service attacks when attempting to block users, causing temporary browser...

Jun 30, 2023
CVE-2020-29007 9.8

This vulnerability allows remote code execution in MediaWiki installations using the Score extension. Any user with article edit permissions (includin...

Apr 15, 2023
CVE-2023-29141 9.8

This vulnerability in MediaWiki allows attackers to trigger automatic IP blocking by manipulating the X-Forwarded-For HTTP header. It affects MediaWik...

Mar 31, 2023
CVE-2022-28323 7.5

The SecurePoll extension in MediaWiki through version 1.37.2 contains an information disclosure vulnerability where sorting by timestamp can leak sens...

Apr 30, 2022
CVE-2022-29904 9.8

This CVE describes an SQL injection vulnerability in the SemanticDrilldown extension for MediaWiki. Attackers can exploit certain '-' and '_' constrai...

Apr 29, 2022
CVE-2022-29906 9.8

This vulnerability allows attackers to bypass authorization checks in the QuizGame extension for MediaWiki, granting unauthorized access to admin API ...

Apr 29, 2022
CVE-2022-29547 7.5

The CreateRedirect extension for MediaWiki before April 14, 2022 fails to properly verify user permissions when creating redirects, allowing unauthori...

Apr 21, 2022
CVE-2022-28205 9.8

A critical vulnerability in MediaWiki's CentralAuth extension allows improper handling of group expiration timestamps (TTL), potentially enabling priv...

Mar 30, 2022
CVE-2022-28209 9.8

This vulnerability in MediaWiki's AntiSpoof extension allows users with the 'override-antispoof' permission to bypass username spoofing checks. It aff...

Mar 30, 2022
CVE-2017-0371 7.5

This vulnerability allows remote attackers to discover the IP addresses of Wiki visitors through a CSS injection attack. Attackers can embed malicious...

Feb 18, 2022
CVE-2021-46149 7.5

This vulnerability allows attackers to cause denial of service by searching for extremely long language names in MediaWiki's Language Name Search feat...

Jan 10, 2022
CVE-2021-46147 8.8

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in MediaWiki's MassEditRegex extension. It allows attackers to trick authenticate...

Jan 10, 2022
CVE-2021-44858 7.5

This vulnerability allows unauthorized users to view private pages on MediaWiki installations configured as private wikis with whitelist read restrict...

Dec 20, 2021
CVE-2021-41799 7.5

CVE-2021-41799 is a denial-of-service vulnerability in MediaWiki's ApiQueryBacklinks feature that allows attackers to trigger full table scans, consum...

Oct 11, 2021
CVE-2021-41801 8.8

This vulnerability in MediaWiki's ReplaceText extension allows blocked users to still execute previously submitted text replacement jobs through the j...

Oct 11, 2021
CVE-2021-42040 7.5

This vulnerability in MediaWiki's Loops extension allows attackers to trigger infinite loops through parser functions, causing memory exhaustion and p...

Oct 6, 2021
CVE-2021-31556 9.8

This vulnerability in MediaWiki's OAuth extension allows attackers to cause denial of service or potentially execute arbitrary code by submitting RSA ...

Aug 12, 2021
CVE-2021-36125 7.5

This vulnerability in MediaWiki's CentralAuth extension allows attackers to cause denial of service through infinite loops when processing username re...

Jul 2, 2021
CVE-2021-36126 9.8

This vulnerability in MediaWiki's AbuseFilter extension causes a fatal error when both the content language and English versions of the MediaWiki:Abus...

Jul 2, 2021
CVE-2021-36128 9.8

This vulnerability in MediaWiki's CentralAuth extension allows improper implementation of autoblocks for suppression blocks. Attackers could bypass ac...

Jul 2, 2021
CVE-2021-36132 8.8

This vulnerability in MediaWiki's FileImporter extension allows users with insufficient permissions to upload files when certain relaxed configuration...

Jul 2, 2021
CVE-2021-31555 7.5

This vulnerability in MediaWiki's OAuth extension allows attackers to submit overly long oarc_version parameters, potentially causing buffer overflows...

Apr 22, 2021

Why Monitor MediaWiki Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 35+ known vulnerabilities affecting MediaWiki products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable MediaWiki packages in under 60 seconds. No agents required: scanning is completely agentless and works across MediaWiki deployments.

Free vulnerability database: Access detailed information about every MediaWiki CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
