
Alexia

Researcher from Fandom (Wikia, Gamepedia)
#45340 of 53,622
5.5 Total CVSS
Vulnerabilities · 1
PT-2020-20624
5.5
2020-02-24
Mediawiki · Widgets Extension · CVE-2020-9382
**Name of the Vulnerable Software and Affected Versions**
Widgets extension versions 1.4.0 and earlier

**Description**
An issue was discovered in the Widgets extension for MediaWiki, where improper title sanitization allowed for the execution of any wiki page as a widget via MediaWiki's `{{#widget:}}` parser function.

**Recommendations**
For versions 1.4.0 and earlier, consider disabling the `{{#widget:}}` parser function until a patch is available to prevent the execution of arbitrary wiki pages as widgets. Restrict access to the Widgets extension to minimize the risk of exploitation.