凤凰科技 2026-03-09

Wikipedia Hit by Self-Spreading JavaScript Worm; Editing Curbed to Contain Outbreak

What happened

Wikipedia faced a self-propagating JavaScript worm that rapidly defaced thousands of pages, prompting the Wikimedia Foundation to temporarily restrict certain editing features while it worked to restore content and purge malicious code. Security outlet Bleeping Computer reported that more than 4,000 pages were altered and at least 85 user scripts were silently replaced as the worm spread. It has been reported that the incident was inadvertently triggered when a Wikimedia Foundation employee executed a malicious script previously planted on a Wikipedia page.

How it spread

According to Bleeping Computer’s analysis, the malicious script, identified as test.js, automatically modified page content and appended code to propagate itself further. The worm exploited Wikipedia’s openness and the flexibility of its MediaWiki platform, which allows custom user JavaScript and “Gadget” tools that enhance editing. That power is a double-edged sword. When scripts are compromised, the effects can cascade across community-maintained pages and accounts. The Foundation said it has found no evidence that core infrastructure was breached.

Containment and recovery

In response, the Wikimedia Foundation reportedly limited some editing actions, temporarily disabled parts of the user script and Gadget system, and began restoring affected pages while removing the worm. Such measures can be disruptive for volunteer editors, but they are standard containment tactics to prevent reinfection and regain control. The engineering team is progressively re-enabling features as it validates their security.

Why it matters

The incident spotlights the security trade-offs inherent to open, collaborative platforms. It raises a familiar question: how to preserve community-driven extensibility without widening the attack surface? Bleeping Computer recommended stricter review and auditing of user scripts, tighter permissions for high-privilege code, and robust content security policies to curb cross-page script injection. For one of the world’s most visited knowledge sites, even short-lived outbreaks serve as a reminder that governance of user-contributed code is as critical as moderation of user-contributed text.
