Primary

Context

XWiki AdminTools Access Control Vulnerability in SpammedPages Feature

Vulnerability

Patched

A vulnerability in XWiki AdminTools versions through 1.0.1 allows users without admin rights to access the AdminTools.SpammedPages feature. Although no data is displayed to non-admin users, the page remains accessible. This issue has been resolved in version 1.1. As a workaround, the view rights for the AdminTools space can be restricted to the XWikiAdminGroup.

Impact

This vulnerability could lead to unauthorized access to the AdminTools.SpammedPages feature by non-admin users.

Remediation

Users can upgrade to XWiki AdminTools version 1.1 or set the view rights for the AdminTools space to be available only for the XWikiAdminGroup.

Added: Nov 18, 2025, 11:24 PM

Updated: Nov 18, 2025, 11:24 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.0

exploitability

8.1

remediation

8.3

relevance

1.1

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

0.0

exploitability

8.1

remediation

8.3

relevance

1.1

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

XWiki AdminTools Access Control Vulnerability in SpammedPages Feature

Vulnerability

Impact

Remediation

Affected Products

XWiki AdminTools

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating