CVE-2025-67646

Name of the Vulnerable Software and Affected Versions TableProgressTracking versions 1.2.0 and below

Description TableProgressTracking is a MediaWiki extension used to track progress against specific criteria. Versions 1.2.0 and below do not validate Cross-Site Request Forgery (CSRF) tokens in the REST API. This allows an attacker to create a malicious webpage that, when visited by an authenticated user, can trigger unintended authenticated actions through the victim’s browser. Specifically, an attacker can delete or track progress against tables due to the missing CSRF protection. The issue is addressed in version 1.2.1.

Recommendations Update to TableProgressTracking version 1.2.1 or later.