Description

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

Remediation

References

CVE-2022-0984

Related Vulnerabilities

WordPress Plugin MainWP Child-Securely connects sites to the MainWP WordPress Manager Dashboard Security Bypass (2.0.9.1)

WordPress Plugin GD Star Rating 'export.php' Security Bypass (1.9.18)

Moodle Improper Privilege Management Vulnerability (CVE-2019-3849)

WordPress Plugin Import and export users and customers Cross-Site Request Forgery (1.14.1.3)

WordPress Plugin Wp-Pro-Quiz Cross-Site Request Forgery (0.37)

Severity

Medium

Classification

CVE-2022-0984 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities