Description
A flaw was found in Moodle versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the token check needed to prevent cross-site request forgery (CSRF).
Remediation
References