Browse all 62 CVE security advisories affecting The Wikimedia Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The Wikimedia Foundation operates non-profit digital platforms, most notably Wikipedia, facilitating global knowledge sharing through collaborative editing. Its infrastructure relies on complex web applications and databases, making it a frequent target for automated scanning and exploitation. Historical vulnerability records indicate a prevalence of cross-site scripting (XSS), SQL injection, and cross-site request forgery (CSRF) flaws, stemming from the scale and diversity of its codebase contributions. While remote code execution (RCE) incidents are less common, they pose significant risks due to the platform’s critical nature. The organization employs rigorous code review processes and maintains a dedicated security team to address these issues. Despite these measures, the sheer volume of user-generated content and extensions creates a broad attack surface. The foundation’s response to security incidents typically involves rapid patching and transparency reports, aiming to maintain trust while mitigating the impact of discovered exploits on its vast user base.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-47841 | Path traversal when loading stylesheets — Mediawiki - CSS Extension (CWE-22) | 7.5 | - | 2024-10-05 |
| CVE-2024-47845 | CSS sanitizer used incorrectly, and is easily bypassed — Mediawiki - CSS Extension (CWE-116) | 9.4 | - | 2024-10-05 |
This page lists every published CVE security advisory associated with The Wikimedia Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.