CVE-2025-23081

CVE-2025-23081: Various security vulnerabilities in Extension:DataTransfer

Vendor Wikimedia Foundation
Product Mediawiki - DataTransfer Extension
Weakness CWE-352 · CSRF
Published January 14, 2025
Last update March 13, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects Mediawiki - DataTransfer Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

Key dates

02Disclosure timeline

January 14, 2025 CVE published
March 13, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-8423 JaviBola Custom Theme Test <= 2.0.5 - Cross-Site Request Forgery CVE-2025-28933 WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability CVE-2024-51654 WordPress APK Downloader plugin <= 1.0.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability CVE-2023-40607 WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-1383 Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function