PT-2021-11621 · Mediawiki +1 · Mediawiki Push Extension +1

Name of the Vulnerable Software and Affected Versions: MediaWiki Push extension versions through 1.35 Description: The issue concerns a lack of required edit token in the API of the Push extension for MediaWiki, specifically in ApiPushBase.php. This omission facilitates a CSRF attack...