Description
The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server.
Remediation
References