Description
message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.
Remediation
References
Related Vulnerabilities
Magento CVE-2021-36021 Vulnerability (CVE-2021-36021)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Multiple Vulnerabilities (1.17.1)
WordPress Plugin Archive Posts Sort Customize Cross-Site Scripting (1.5)
PostgreSQL Insufficient Verification of Data Authenticity Vulnerability (CVE-2024-10977)