Description
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.
Remediation
References
Related Vulnerabilities
WordPress Plugin SMS Alert Order Notifications-WooCommerce Cross-Site Scripting (3.4.6)
PHP Improper Input Validation Vulnerability (CVE-2010-3870)
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6)
Magento Insufficient Verification of Data Authenticity Vulnerability (CVE-2019-8124)
WordPress Plugin Localize My Post Local File Inclusion (1.0)