PT-2025-28016 · Mediawiki · Securepoll Extension+1
Published: 2025-07-04 · Updated: 2025-07-04
CVE-2025-53483
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Mediawiki - SecurePoll extension versions 1.39.X through 1.39.12
Mediawiki - SecurePoll extension versions 1.42.X through 1.42.6
Mediawiki - SecurePoll extension versions 1.43.X through 1.43.1
Description:
The issue affects the Mediawiki - SecurePoll extension, where certain pages do not validate request methods or CSRF tokens. This allows attackers to trigger sensitive actions if an admin visits a malicious site. The affected components include ArchivePage.php, UnarchivePage.php, and the executeClear() function in VoterEligibilityPage.
Recommendations:
For Mediawiki - SecurePoll extension versions 1.39.X through 1.39.12, update to version 1.39.13 or later.
For Mediawiki - SecurePoll extension versions 1.42.X through 1.42.6, update to version 1.42.7 or later.
For Mediawiki - SecurePoll extension versions 1.43.X through 1.43.1, update to version 1.43.2 or later.
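The two checks the description names as missing (request method and CSRF token), shown as an added PHP example that is not SecurePoll or MediaWiki code. The function names, the HMAC-based token scheme and the sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed example: all names are hypothetical, not SecurePoll or MediaWiki APIs.

/** Derive a per-session, per-action token from a server-side session secret. */
function issueToken(string $sessionSecret, string $action): string {
    return hash_hmac('sha256', $action, $sessionSecret);
}

/** "Before" shape: any request that reaches the page changes state. */
function archiveUnguarded(array $request, array &$elections): bool {
    $elections[$request['id']]['archived'] = true;
    return true;
}

/** Hardened shape: require POST and a valid token before changing state. */
function archiveGuarded(array $request, string $sessionSecret, array &$elections): bool {
    if (($request['method'] ?? '') !== 'POST') {
        return false; // a GET must never perform the action
    }
    $expected = issueToken($sessionSecret, 'archive');
    $supplied = $request['token'] ?? '';
    // hash_equals() compares in constant time and needs two strings.
    if (!is_string($supplied) || !hash_equals($expected, $supplied)) {
        return false; // missing or wrong token: not submitted from our own form
    }
    $elections[$request['id']]['archived'] = true;
    return true;
}

// Constructed sample data.
$secret    = bin2hex(random_bytes(32));
$elections = [7 => ['archived' => false]];

// A cross-site request carries the admin's cookies but not the session-bound token.
$requests = [
    'cross-site GET'       => ['method' => 'GET',  'id' => 7],
    'POST with bad token'  => ['method' => 'POST', 'id' => 7, 'token' => 'not-the-token'],
    'POST from own form'   => ['method' => 'POST', 'id' => 7,
                               'token' => issueToken($secret, 'archive')],
];

foreach ($requests as $label => $request) {
    $accepted = archiveGuarded($request, $secret, $elections);
    printf("%-20s accepted=%s\n", $label, var_export($accepted, true));
}
```

When reviewing an installation or a custom extension, the same two questions apply to every state-changing special page: does it reject non-POST requests, and does it verify a token bound to the user's session.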
Fix
CSRF
Affected Products
Mediawiki
Securepoll Extension