Description
An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn't use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur.
Remediation
References
Related Vulnerabilities
WordPress Plugin Events Made Easy Multiple Vulnerabilities (1.5.49)
IBM WebSEAL Inadequate Encryption Strength Vulnerability (CVE-2019-4151)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2001-1247)
WordPress Plugin kk Star Ratings 'root' Parameter Remote File Include (1.7)
Grafana Missing Authentication for Critical Function Vulnerability (CVE-2019-15043)