Description
Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface.
Remediation
References
Related Vulnerabilities
MySQL CVE-2013-2392 Vulnerability (CVE-2013-2392)
WordPress Plugin Knews Multilingual Newsletters 'ff' Parameter Cross-Site Scripting (1.1.0)
WordPress Plugin YITH PayPal Express Checkout for WooCommerce Security Bypass (1.2.5)
WordPress Plugin Affiliate Press Multiple Cross-Site Scripting Vulnerabilities (0.3.8)