Mediawiki Urlshortener Extension
Monthly
Open redirect exploitation in the Wikimedia Foundation MediaWiki UrlShortener Extension enables unauthenticated network attackers to craft shortened URLs hosted on trusted MediaWiki domains that silently redirect victims to arbitrary external sites, facilitating phishing and Cross-Site Flashing attacks. All versions of the extension prior to 1.43.9, 1.44.6, and 1.45.4 across their respective branches are affected. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the unauthenticated and network-accessible nature of URL shortener services makes social-engineering abuse low-effort once a target instance is identified.
Open redirect exploitation in the Wikimedia Foundation MediaWiki UrlShortener Extension enables unauthenticated network attackers to craft shortened URLs hosted on trusted MediaWiki domains that silently redirect victims to arbitrary external sites, facilitating phishing and Cross-Site Flashing attacks. All versions of the extension prior to 1.43.9, 1.44.6, and 1.45.4 across their respective branches are affected. No public exploit code or CISA KEV listing has been identified at time of analysis; however, the unauthenticated and network-accessible nature of URL shortener services makes social-engineering abuse low-effort once a target instance is identified.