Skip to main content

Checkuser

6 CVEs product

Monthly

CVE-2026-58034 NONE PATCH Awaiting Data

Cross-site scripting in the Wikimedia Foundation CheckUser extension (versions 1.46.0-rc.0 up to but not including 1.46.0) allows a high-privileged attacker to inject malicious scripts via the blockConnectedTempAccountsField Vue component used in the Temporary Accounts blocking workflow. Exploitation requires both elevated CheckUser-level privileges and active user interaction from another party, materially constraining real-world risk. No public exploit code exists and this CVE is not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis.

XSS Checkuser
NVD VulDB
EPSS
0.2%
CVE-2026-34090 MEDIUM PATCH This Month

Wikimedia Foundation CheckUser versions 1.45.0 through 1.45.1 expose sensitive information to unauthorized actors through a flaw in access control, allowing high-privileged users with user interaction to view data they should not access. The vulnerability affects the CheckUser extension used across Wikimedia projects and is confirmed patched in version 1.45.2. EPSS and active exploitation status are not publicly documented, but the low CVSS score (4.8) and requirement for elevated privileges limit real-world impact.

Information Disclosure Checkuser
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-61651 This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js.

XSS Checkuser
NVD
EPSS
0.1%
CVE-2025-61648 This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser.

XSS Checkuser
NVD
EPSS
0.1%
CVE-2019-18611 MEDIUM PATCH This Month

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Checkuser
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2015-2940 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Checkuser
NVD
CVSS 2.0
6.8
EPSS
0.3%
EPSS 0%
NONE PATCH Awaiting Data

Cross-site scripting in the Wikimedia Foundation CheckUser extension (versions 1.46.0-rc.0 up to but not including 1.46.0) allows a high-privileged attacker to inject malicious scripts via the blockConnectedTempAccountsField Vue component used in the Temporary Accounts blocking workflow. Exploitation requires both elevated CheckUser-level privileges and active user interaction from another party, materially constraining real-world risk. No public exploit code exists and this CVE is not listed in CISA KEV, indicating no confirmed active exploitation at time of analysis.

XSS Checkuser
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Wikimedia Foundation CheckUser versions 1.45.0 through 1.45.1 expose sensitive information to unauthorized actors through a flaw in access control, allowing high-privileged users with user interaction to view data they should not access. The vulnerability affects the CheckUser extension used across Wikimedia projects and is confirmed patched in version 1.45.2. EPSS and active exploitation status are not publicly documented, but the low CVSS score (4.8) and requirement for elevated privileges limit real-world impact.

Information Disclosure Checkuser
NVD VulDB
EPSS 0%
This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js.

XSS Checkuser
NVD
EPSS 0%
This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation CheckUser.

XSS Checkuser
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Checkuser
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Checkuser
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy