CVE-2021-32774 MEDIUM

CVE-2021-32774: Cross-Site Request Forgery (CSRF) in DataDump

Vendor Miraheze
Product DataDump
Weakness CWE-352 · CSRF
Published July 20, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or delete dumps could be forged. The vulnerability was patched in commit 67a82b76e186925330b89ace9c5fd893a300830b. There are no known workarounds. You must completely disable DataDump.

Key dates

02Disclosure timeline

July 20, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-26014 WordPress Minify HTML Plugin <= 2.1.7 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-49373 WordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-32344 IBM Cognos Analytics cross-site request forgery CVE-2025-48104 WordPress Floating Window Music Player plugin <= 3.4.2 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability CVE-2025-13671 Cross Site request forgery vulnerability discovered in OpenText WSM Management Server.