CVE-2025-53625 DynamicPageList3 exposes hidden/suppressed usernames

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fix...

CVE-2025-53625

The CVE-2025-53625 entry concerns the DynamicPageList3 extension for MediaWiki. Several #dpl parameters can leak usernames that were hidden via revision deletion, suppression, or the hideuser block flag. The issue affects DynamicPageList3 prior to version 3.6.4 and is addressed by upgrading to 3....

GHSA-7PGW-Q3QP-6PGQ DynamicPageList3 vulnerability exposes hidden/suppressed usernames

Summary Several dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. Details The parameters adduser, addauthor, and addlasteditor output the page creator or last editor using the %USER% placeholder. These display the actual...

DynamicPageList3 vulnerability exposes hidden/suppressed usernames

Summary Several dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. Details The parameters adduser, addauthor, and addlasteditor output the page creator or last editor using the %USER% placeholder. These display the actual...

DynamicPageList3 安全漏洞

DynamicPageList3 is an application by CosmicAlpha Personal Developers. A security vulnerability exists in DynamicPageList3 versions prior to 3.6.4, which stems from multiple dpl parameters that may reveal hidden usernames...

PT-2025-42564

Name of the Vulnerable Software and Affected Versions mediawiki affected versions not specified Description The software potentially leaks hidden usernames in Watchlist and RecentChanges features. This could allow unauthorized access to user information. Recommendations At the moment, there is no...

BIT-MEDIAWIKI-2023-45369

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed...

PT-2023-8950 · Mediawiki +2 · Mediawiki +3

Name of the Vulnerable Software and Affected Versions: MediaWiki PageTriage extension versions prior to 1.35.12 MediaWiki PageTriage extension versions 1.36.x through 1.39.x before 1.39.5 MediaWiki PageTriage extension versions 1.40.x before 1.40.1 Description: An issue was discovered in the...

PT-2023-22167 · Mediawiki +1 · Growthexperiments Extension For Mediawiki +1

Name of the Vulnerable Software and Affected Versions: GrowthExperiments extension for MediaWiki versions through 1.39.3 Description: An issue in the GrowthExperiments extension for MediaWiki allows attackers to see edits for which the username has been hidden, due to a lack of check for rev...

MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.39.3 and prior versions. An attacker...

Design/Logic Flaw

The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notification...