CVE-2014-3454

Name of the Vulnerable Software and Affected Versions MediaWiki SemanticForms extension versions prior to 1.19.10 MediaWiki SemanticForms extension versions 1.2x prior to 1.21.4 MediaWiki SemanticForms extension versions 1.22.x prior to 1.22.1

Description A cross-site request forgery (CSRF) issue exists in the Special:CreateCategory feature of the SemanticForms extension for MediaWiki. This allows remote attackers to hijack user authentication for category creation requests.

Recommendations For MediaWiki SemanticForms extension versions prior to 1.19.10, update to version 1.19.10 or later. For MediaWiki SemanticForms extension versions 1.2x prior to 1.21.4, update to version 1.21.4 or later. For MediaWiki SemanticForms extension versions 1.22.x prior to 1.22.1, update to version 1.22.1 or later.