Security researchers from Checkpoint identified this vulnerability(CVE-2014-1610) affecting all versions starting with version 1.8. The websites are vulnerable only, if a specific non-default setting is enabled.
According to the security advisory, an attacker could have exploited this vulnerability to make file and system changes and gained complete control over the server.
Checkpoint said that an attacker could have injected malware code into every page WikiPedia.org which could have put millions of users' system at potential risk of malware infection.
Fortunately, Checkpoint immediately informed the WikiMedia foundation about the presence this security bug. On 28th Jan., the foundation released patch for this bug.
The security advisory says that this is the third critical remote code execution vulnerability discovered in MediaWiki since 2006.