Description
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.
Remediation
References
Related Vulnerabilities
WordPress Plugin Uploadify Integration Multiple Cross-Site Scripting Vulnerabilities (0.9.6)
WordPress Plugin Bird Feeder Multiple Vulnerabilities (1.2.3)
Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-40465)
WordPress Plugin Book appointment online Cross-Site Scripting (1.38)