Open a page's edit window
Add a input value of 'wpUndidRevision' with some valid revid. Save.
Whoever made that edit will receive an extremely confusing Echo notification.
This can easily be exploited by adding the same parameter to an edit made via the API. A warning will be displayed, but the notification is still sent.
Ideas on how to fix:
Temporary: Check that $rev->getTitle() == $article->getTitle()
Maybe also look into using sha1's to only show reverts for exact reverts.
Long term: Find some other way than using a request value like wpUndidRevision to trigger a notification.
Version: unspecified
Severity: major