PT-2025-28018 · Mediawiki · Mediawiki Securepoll Extension

Published: 2025-07-04 · Updated: 2025-07-04 · CVE-2025-53485

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
- MediaWiki SecurePoll extension versions 1.39.X through 1.39.12
- MediaWiki SecurePoll extension versions 1.42.X through 1.42.6
- MediaWiki SecurePoll extension versions 1.43.X through 1.43.1
Description: The issue arises from the lack of validation in SetTranslationHandler.php, which fails to check if a user is an election admin before allowing changes to election-related translation text. This oversight enables any user, including unauthenticated ones, to modify these translations. Although the check is partially broken in newer MediaWiki versions, it remains missing.
Recommendations:
- For MediaWiki SecurePoll extension versions 1.39.X through 1.39.12, update to version 1.39.13 or later.
- For MediaWiki SecurePoll extension versions 1.42.X through 1.42.6, update to version 1.42.7 or later.
- For MediaWiki SecurePoll extension versions 1.43.X through 1.43.1, update to version 1.43.2 or later.

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2025-53485

Affected Products: Mediawiki Securepoll Extension