Description
Users with the capability to configure badge criteria (teachers and managers by default) could set up course badges with profile field criteria, which should be available only for site badges.
Remediation
References
Related Vulnerabilities
WordPress 4.2.x Cross-Site Scripting Vulnerability (4.2 - 4.2.7)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-6623)
WordPress Plugin MasterStudy LMS-for Online Courses and Education Local File Inclusion (3.3.3)
WordPress Plugin Gallery-Image and Video Gallery with Thumbnails SQL Injection (1.2.0)
WordPress Plugin Newsletter Manager PHP Object Injection (1.5.1)