Thevoidwalker

**Name of the Vulnerable Software and Affected Versions** ReplaceText extension versions 1.41 and earlier for MediaWiki **Description** The issue concerns Incorrect Access Control in the ReplaceText extension for MediaWiki. When a user is blocked after submitting a replace job, the job is still executed, even if it may be run at a later time due to the job queue backlog. **Recommendations** For ReplaceText extension versions 1.41 and earlier, consider disabling the replace job functionality for blocked users until a patch is available. Restrict access to the job queue to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.