Description
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several #dpl parameters can leak usernames that have been hidden using revision deletion, suppression, or the hideuser block flag. The vulnerability is fixed in 3.6.4.
Scores
CVSS v4
8.7
EPSS
0.0004
EPSS Percentile
11.1%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-359
Status
published
Products (2)
universal-omega/dynamic-page-list3
0 - 3.6.4Packagist
Universal-Omega/DynamicPageList3
< 3.6.4
Published
Jul 10, 2025
Tracked Since
Feb 18, 2026