Description
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
Remediation
References
Related Vulnerabilities
WordPress Plugin Events Manager Pro CSV Injection (2.6.7.1)
WordPress Plugin SiteGround Security Security Bypass (1.2.4)
WordPress Plugin Simple Ads Manager Denial of Service (2.9.3.114)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2005-0244)
WordPress Plugin One Click Upsell Funnel for WooCommerce Unspecified Vulnerability (2.0.0)