Description
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum.
Remediation
References