Skip to main content

Abusefilter

4 CVEs product

Monthly

CVE-2026-58027 MEDIUM PATCH This Month

Sensitive abuse filter configuration data in Wikimedia Foundation's AbuseFilter MediaWiki extension is exposed to authenticated low-privilege users via the QueryAbuseFilters API endpoint (includes/Api/QueryAbuseFilters.php). Authenticated wiki users on affected installations (all versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9) can retrieve private or restricted filter rule details they should not be authorized to access. No active exploitation has been confirmed (not listed in CISA KEV) and no public proof-of-concept exploit is known at time of analysis, but the moderate CVSS 4.0 score of 5.3 reflects real risk to wikis relying on confidential filter logic for abuse prevention.

PHP Information Disclosure Abusefilter
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2026-34086 LOW PATCH Monitor

Information disclosure in Wikimedia Foundation AbuseFilter allows low-privileged authenticated users with user interaction to access limited confidential data through a network vector. The vulnerability affects AbuseFilter versions prior to 1.43.7, 1.44.4, and 1.45.2, with very low CVSS score (2.1) indicating minimal real-world impact but potential for sensitive information leakage in filtered content or filter logic contexts.

Information Disclosure Abusefilter
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2019-18987 MEDIUM PATCH This Month

An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Abusefilter
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-18612 MEDIUM PATCH This Month

An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Abusefilter
NVD
CVSS 3.1
5.3
EPSS
0.9%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Sensitive abuse filter configuration data in Wikimedia Foundation's AbuseFilter MediaWiki extension is exposed to authenticated low-privilege users via the QueryAbuseFilters API endpoint (includes/Api/QueryAbuseFilters.php). Authenticated wiki users on affected installations (all versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9) can retrieve private or restricted filter rule details they should not be authorized to access. No active exploitation has been confirmed (not listed in CISA KEV) and no public proof-of-concept exploit is known at time of analysis, but the moderate CVSS 4.0 score of 5.3 reflects real risk to wikis relying on confidential filter logic for abuse prevention.

PHP Information Disclosure Abusefilter
NVD VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Information disclosure in Wikimedia Foundation AbuseFilter allows low-privileged authenticated users with user interaction to access limited confidential data through a network vector. The vulnerability affects AbuseFilter versions prior to 1.43.7, 1.44.4, and 1.45.2, with very low CVSS score (2.1) indicating minimal real-world impact but potential for sensitive information leakage in filtered content or filter logic contexts.

Information Disclosure Abusefilter
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Abusefilter
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Abusefilter
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy