Description
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
Remediation
References
Related Vulnerabilities
WordPress Plugin Backup and Restore WordPress-WPBackItUp Multiple Vulnerabilities (1.9)
WordPress Plugin Podlove Podcast Publisher Cross-Site Request Forgery (3.8.3)
WordPress Plugin Easy Table Cross-Site Scripting (1.5.2)
WordPress Plugin Database Backup for WordPress 'edit.php' Directory Traversal (1.7)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Multiple Vulnerabilities (7.1.12)