Description In Moodle, insufficient capability checks meant message deletions were not limited to the current user. Remediation References CVE-2021-36397 Related Vulnerabilities Joomla CVE-2012-5827 Vulnerability (CVE-2012-5827) Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-21018) Oracle Application Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-0586) WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Security Bypass (2.8.7) WordPress Plugin Availability Calendar Cross-Site Scripting (1.2.1) Severity Medium Classification CVE-2021-36397 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities