Description
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
Remediation
References
Related Vulnerabilities
WordPress Cross-Domain Flash Injection Vulnerability (0.70 - 3.6.1)
SharePoint CVE-2021-40484 Vulnerability (CVE-2021-40484)
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3319)
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-0334)
WordPress Plugin SMTP by BestWebSoft Cross-Site Scripting (1.0.9)