Description
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
Remediation
References
Related Vulnerabilities
Squid Stack-based Buffer Overflow Vulnerability (CVE-2025-59362)
WordPress Plugin BePro Listings Security Bypass (2.2.0020)
Squid Integer Overflow or Wraparound Vulnerability (CVE-2021-31807)
WebLogic CVE-2023-22086 Vulnerability (CVE-2023-22086)
Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-43665)