CVE-2025-53485
The CVE concerns the MediaWiki SecurePoll extension where SetTranslationHandler.php does not validate that the user is an election admin. This allows any (even unauthenticated) user to change election-related translation text. Affects SecurePoll versions: 1.39.X before 1.39.13; 1.42.X before 1.42...