The following is spotted in production:
1 Unknown modifier 'k': [`^Ma`i ko`u hoaaloha \(i\)$`i] in /srv/mediawiki/php-1.26wmf2/extensions/Quiz/Quiz.class.php on line 765
Line 765 is a preg_match() call, one of over 20 regular expression uses this extension. I don't see any calls to preg_quote() anywhere so I imagine user input is ending up unescaped into regular expression functions. As in the above example this allows users to craft input that allows for changing modifiers of the regular expression (/e anyone?).
The extension should be audited to fix this and any other (likely) unescaped regular expression issues.