Description
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.
Remediation
References