Description
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.
Remediation
References
Related Vulnerabilities
WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Security Bypass (3.10.15)
WordPress Plugin One Click Upsell Funnel for WooCommerce Unspecified Vulnerability (2.0.0)
PHP Out-of-bounds Write Vulnerability (CVE-2008-2371)
WordPress Plugin Spellchecker 'general.php' Local and Remote File Include Vulnerabilities (3.1)