
69 matches found

Vulnrichment
added 2025/07/04 5:39 p.m., 3 views

CVE-2025-53485 SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes

SetTranslationHandler.php does not validate that the user is an election admin, allowing any even unauthenticated user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension:...

AI score: 7.1, EPSS: 0.00229, Exploits: 0, References: 2
Cvelist
added 2025/07/04 5:39 p.m., 5 views

CVE-2025-53485 SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes

SetTranslationHandler.php does not validate that the user is an election admin, allowing any even unauthenticated user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension:...

EPSS: 0.00229, Exploits: 0, References: 2
Cvelist
added 2025/07/04 5:34 p.m., 5 views

CVE-2025-53484 SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input

User-controlled inputs are improperly escaped in: VotePage.php (poll option input); ResultPage::getPagesTab and getErrorsTab (user-controllable page names). This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll...

EPSS: 0.00356, Exploits: 0, References: 3
CVE
added 2025/07/04 5:34 p.m., 14 views

CVE-2025-53484

CVE-2025-53484 affects the MediaWiki SecurePoll extension. Affected versions are 1.39.x before 1.39.13, 1.42.x before 1.42.7, and 1.43.x before 1.43.2. The root cause is improper escaping of user-controlled inputs in VotePage.php (poll option input) and in ResultPage’s getPagesTab() and getEr...

CVSS: 9.8, AI score: 6.5, EPSS: 0.00356, Exploits: 0, References: 3
Vulnrichment
added 2025/07/04 5:34 p.m., 2 views

CVE-2025-53484 SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input

User-controlled inputs are improperly escaped in: VotePage.php (poll option input); ResultPage::getPagesTab and getErrorsTab (user-controllable page names). This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This issue affects Mediawiki - SecurePoll...

AI score: 7.1, EPSS: 0.00356, Exploits: 0, References: 3
CVE
added 2025/07/04 5:28 p.m., 11 views

CVE-2025-53483

The CVE-2025-53483 issue affects the MediaWiki SecurePoll extension and is triggered by pages ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage::executeClear() not validating request methods or CSRF tokens. The vulnerability enables CSRF to trigger sensitive admin actions when an admin...

CVSS: 8.8, AI score: 6.5, EPSS: 0.00089, Exploits: 0, References: 3
Cvelist
added 2025/07/04 5:28 p.m., 7 views

CVE-2025-53483 SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery

ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage::executeClear do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42....

EPSS: 0.00089, Exploits: 0, References: 3
Vulnrichment
added 2025/07/04 5:28 p.m., 3 views

CVE-2025-53483 SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery

ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage::executeClear do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42....

AI score: 7.1, EPSS: 0.00089, Exploits: 0, References: 3
Positive Technologies
added 2025/07/04 12:00 a.m., 1 view

PT-2025-28018 · Mediawiki · Mediawiki Securepoll Extension

Name of the Vulnerable Software and Affected Versions: MediaWiki SecurePoll extension versions 1.39.X through 1.39.12; MediaWiki SecurePoll extension versions 1.42.X through 1.42.6; MediaWiki SecurePoll extension versions 1.43.X through 1.43.1. Description: The issue arises from the lack of validati...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00229, Exploits: 0, References: 5
Positive Technologies
added 2025/07/04 12:00 a.m., 2 views

PT-2025-28017 · Mediawiki · Securepoll Extension +1

Name of the Vulnerable Software and Affected Versions: Mediawiki - SecurePoll extension versions 1.39.0 through 1.39.12; Mediawiki - SecurePoll extension versions 1.42.0 through 1.42.6; Mediawiki - SecurePoll extension versions 1.43.0 through 1.43.1. Description: The issue arises from improper...

CVSS: 9.8, AI score: 6.3, EPSS: 0.00356, Exploits: 0, References: 6
CNNVD
added 2025/07/04 12:00 a.m., 1 view

Wikimedia Mediawiki - SecurePoll extension security vulnerability

Wikimedia Mediawiki - SecurePoll extension is a special page extension for elections, polls and surveys from the Wikimedia Foundation. A security vulnerability in the Mediawiki - SecurePoll extension versions prior to 1.39.13, prior to 1.42.7, and prior to 1.43.2, which stems from improperly...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00356, Exploits: 0, References: 4
Positive Technologies
added 2025/07/04 12:00 a.m., 4 views

PT-2025-28016 · Mediawiki · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: Mediawiki - SecurePoll extension versions 1.39.X through 1.39.12; Mediawiki - SecurePoll extension versions 1.42.X through 1.42.6; Mediawiki - SecurePoll extension versions 1.43.X through 1.43.1. Description: The issue affects the Mediawiki -...

CVSS: 8.8, AI score: 6.3, EPSS: 0.00089, Exploits: 0, References: 6
CNNVD
added 2025/07/04 12:00 a.m., 2 views

Wikimedia Mediawiki - SecurePoll extension cross-site request forgery vulnerability

Wikimedia Mediawiki - SecurePoll extension is a special page extension for elections, polls and surveys from the Wikimedia Foundation. A cross-site request forgery vulnerability exists in the Wikimedia Mediawiki - SecurePoll extension versions prior to 1.39.13, prior to 1.42.7, and prior to 1.43....

CVSS: 8.8, AI score: 6.6, EPSS: 0.00089, Exploits: 0, References: 2
RedhatCVE
added 2025/05/22 6:48 p.m., 5 views

CVE-2021-42045

An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote...

CVSS: 5.4, AI score: 6.8, EPSS: 0.00213, Exploits: 0
RedhatCVE
added 2025/05/22 4:38 p.m., 5 views

CVE-2020-35624

An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00172, Exploits: 0
OSV
added 2024/03/06 11:13 a.m., 13 views

BIT-MEDIAWIKI-2020-35624

An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded...

CVSS: 5.3, AI score: 5.2, EPSS: 0.00172, Exploits: 0, References: 3
OSV
added 2024/03/06 11:10 a.m., 17 views

BIT-MEDIAWIKI-2021-42045

An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00213, Exploits: 0, References: 3
OSV
added 2024/03/06 11:07 a.m., 16 views

BIT-MEDIAWIKI-2021-46148

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information e.g., IP addresses and User-Agent headers for election traffic on a testwiki SecurePoll instance...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00248, Exploits: 0, References: 4
OSV
added 2024/03/06 11:06 a.m., 15 views

BIT-MEDIAWIKI-2022-28323

An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,...

CVSS: 7.5, AI score: 7.4, EPSS: 0.0037, Exploits: 0, References: 4
NVD
added 2022/09/29 3:15 a.m., 8 views

CVE-2021-42045

An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote...

CVSS: 5.4, EPSS: 0.00213, Exploits: 0, References: 2