Description
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Custom Fields PRO Cross-Site Scripting (6.1.5)
WordPress Plugin WPZOOM Portfolio Cross-Site Scripting (1.2.1)
PHP Numeric Errors Vulnerability (CVE-2010-4699)
WordPress Plugin Slideshow Gallery LITE Unspecified Vulnerability (1.6.2)
WordPress Missing Authentication for Critical Function Vulnerability (CVE-2020-11028)