Wikimedia Foundation MediaWiki Thanks and Growth Experiments Extensions Incorrect Default Permissions Vulnerability

Vulnerability

A vulnerability allowing access to functionality not properly constrained by access control lists (ACLs) has been identified in the Wikimedia Foundation MediaWiki Thanks Extension and the MediaWiki Growth Experiments Extension. This issue affects versions of the extensions from 1.43 prior to 1.44.

Impact

Exploitation of this vulnerability could lead to unauthorized access to functionalities within the affected MediaWiki extensions, bypassing intended permission restrictions.

Added: Oct 21, 2025, 8:41 PM

Updated: Oct 21, 2025, 8:41 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

0.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

0.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wikimedia Foundation MediaWiki Thanks and Growth Experiments Extensions Incorrect Default Permissions Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating