Description
Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-5442 Vulnerability (CVE-2016-5442)
WordPress Plugin User Access Manager Unspecified Vulnerability (1.2.6.9)
WordPress Plugin Verve Meta Boxes TimThumb Arbitrary File Upload (1.2.8)
OpenVPN AS Improper Authentication Vulnerability (CVE-2020-15077)
WordPress Plugin iLive-Intelligent WordPress Live Chat Support Cross-Site Scripting (1.0.4)