Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Wikimedia Foundation — Vulnerabilities & Security Advisories 107

Browse all 107 CVE security advisories affecting Wikimedia Foundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Wikimedia Foundation operates the world’s largest collaborative encyclopedia platform, hosting Wikipedia and related projects that serve billions of monthly visitors. Its infrastructure relies on complex software stacks, including MediaWiki, which has historically been susceptible to various vulnerability classes. Common issues include cross-site scripting (XSS), SQL injection, and remote code execution (RCE) stemming from legacy code paths or misconfigurations. While the organization maintains a robust security posture with regular audits and bug bounty programs, the sheer scale of its codebase and the open nature of its editing model present unique challenges. Recent years have seen efforts to mitigate privilege escalation risks and improve input validation. Despite these ongoing technical hurdles, the Foundation remains a critical public resource, balancing transparency with the need to protect user data and system integrity against sophisticated cyber threats targeting its extensive digital footprint.

Found 2 results / 107Clear Filters
Top products by Wikimedia Foundation: MediaWiki CheckUser Mediawiki - Cargo Extension Mediawiki - AbuseFilter Extension Mediawiki - CheckUser extension Mediawiki - SecurePoll extension Vector Mediawiki - MintyDocs Extension Mediawiki - CampaignEvents Extension MediaWiki - ProofreadPage Extension Mediawiki - IPInfo Extension VisualEditor Wikipedia Preview MediaWiki - CSS extension MediaWiki - VisualData Extension Mediawiki - Skin:BlueSky Mediawiki - ApprovedRevs extension AbuseFilter MediaWiki - UploadWizard extension Mediawiki - WikiCategoryTagCloud extension MultimediaViewer ConfirmEdit OATHAuth DiscussionTools TextExtracts Thanks Scribunto MediaWiki - ReportIncident Extension Mediawiki - FeaturedFeeds Extension Mediawiki - SocialProfile Extension
CVE IDTitleCVSSSeverityPublished
CVE-2025-61655 Stored XSS through system messages in VisualEditor — VisualEditorCWE-79 6.1AIMediumAI2026-02-03
CVE-2025-61656 XSS when pasting into VE — VisualEditorCWE-79 6.1AIMediumAI2026-02-03

This page lists every published CVE security advisory associated with Wikimedia Foundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.