Another issue reported by DAU Huy Ngoc.
I found another XSS in the GeSHi plugin included in MediaWiki 1.25.1.
The POC is as follows:
Note that WMF sites are not affected. I believe the 1.26 and 1.24 branches don't use the same version of GeSHi.
However, if you are gonna release 1.25.2 (as you mentioned earlier), there's a big chance that it will include the vulnerable plugin.