Description
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
Remediation
References
Related Vulnerabilities
WordPress Plugin Events Calendar for Google Local File Inclusion (2.1.0)
WordPress Plugin Nextend Facebook Connect Unspecified Vulnerability (1.5.7)
WordPress Plugin JetWidgets for Elementor and WooCommerce Local File Inclusion (1.1.7)
WordPress Plugin JobSearch WP Job Board Cross-Site Scripting (1.5.4)