MediaWiki Cargo Security Vulnerabilities in 2026

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in MediaWiki Cargo.

By the Year

In 2026 there have been 0 vulnerabilities in MediaWiki Cargo. Cargo did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	0	0.00
2024	3	8.23
2023	1	6.10

It may take a day or so for new Cargo vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent MediaWiki Cargo Security Vulnerabilities

MediaWiki Cargo SQLi Before 3.6.1
CVE-2024-47849 9.8 - Critical - October 05, 2024

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

SQL Injection

Mediawiki Cargo XSS before 3.6.1 (Improper Neutralization)
CVE-2024-47847 6.1 - Medium - October 05, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

XSS

MediaWiki-Cargo 3.6.X CSRF Vulnerability (before 3.6.1)
CVE-2024-47846 8.8 - High - October 05, 2024

Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

Session Riding

MediaWiki Cargo XSS in Special:CargoQuery (<=1.39.3)
CVE-2023-37254 6.1 - Medium - June 29, 2023

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for MediaWiki Cargo or by MediaWiki? Click the Watch button to subscribe.

MediaWiki
Vendor

MediaWiki Cargo
Product

MediaWiki Cargo

Don't miss out!

By the Year

Recent MediaWiki Cargo Security Vulnerabilities

MediaWiki Cargo SQLi Before 3.6.1 CVE-2024-47849 9.8 - Critical - October 05, 2024

Mediawiki Cargo XSS before 3.6.1 (Improper Neutralization) CVE-2024-47847 6.1 - Medium - October 05, 2024

MediaWiki-Cargo 3.6.X CSRF Vulnerability (before 3.6.1) CVE-2024-47846 8.8 - High - October 05, 2024

MediaWiki Cargo XSS in Special:CargoQuery (<=1.39.3) CVE-2023-37254 6.1 - Medium - June 29, 2023