Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

multiple roles project multiple roles vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv3
CVE-2021-4402
The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes ...
Multiple Roles Project Multiple Roles
NA
CVE-2010-1616
Moodle 1.8.x and 1.9.x prior to 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.
Moodle Moodle 1.8.6Moodle Moodle 1.8.5Moodle Moodle 1.9.4Moodle Moodle 1.9.3Moodle Moodle 1.8.8Moodle Moodle 1.8.2Moodle Moodle 1.8.1Moodle Moodle 1.8.3Moodle Moodle 1.9.1Moodle Moodle 1.8.7Moodle Moodle 1.8.9Moodle Moodle 1.8.10Moodle Moodle 1.8.11Moodle Moodle 1.9.6Moodle Moodle 1.9.7Moodle Moodle 1.8.4Moodle Moodle 1.9.5Moodle Moodle 1.9.2
NA
CVE-2010-2229
Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle prior to 1.8.13 and 1.9.x prior to 1.9.9 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Moodle Moodle 1.8.7Moodle Moodle 1.8.6Moodle Moodle 1.7.3Moodle Moodle 1.6.4Moodle Moodle 1.6.6Moodle Moodle 1.5.1Moodle Moodle 1.5.2Moodle Moodle 1.4.4Moodle Moodle 1.3.4Moodle Moodle 1.8.9Moodle Moodle 1.8.8Moodle Moodle 1.8.1Moodle Moodle 1.6.3Moodle Moodle 1.6.5Moodle Moodle 1.6.2Moodle Moodle 1.5Moodle Moodle 1.4.2Moodle Moodle 1.4.5Moodle Moodle 1.2.0Moodle Moodle 1.1.1Moodle MoodleMoodle Moodle 1.8.5
NA
CVE-2010-1614
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspe...
Moodle Moodle 1.8.8Moodle Moodle 1.8.2Moodle Moodle 1.8.1Moodle Moodle 1.8.7Moodle Moodle 1.8.9Moodle Moodle 1.8.3Moodle Moodle 1.8.10Moodle Moodle 1.9.6Moodle Moodle 1.9.7Moodle Moodle 1.8.6Moodle Moodle 1.8.5Moodle Moodle 1.8.11Moodle Moodle 1.9.4Moodle Moodle 1.8.4Moodle Moodle 1.9.3Moodle Moodle 1.9.5Moodle Moodle 1.9.2Moodle Moodle 1.9.1
NA
CVE-2010-1615
Multiple SQL injection vulnerabilities in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation ...
Moodle Moodle 1.8.6Moodle Moodle 1.8.5Moodle Moodle 1.8.11Moodle Moodle 1.9.4Moodle Moodle 1.9.3Moodle Moodle 1.8.4Moodle Moodle 1.9.5Moodle Moodle 1.9.2Moodle Moodle 1.8.8Moodle Moodle 1.8.2Moodle Moodle 1.8.1Moodle Moodle 1.9.1Moodle Moodle 1.8.7Moodle Moodle 1.8.9Moodle Moodle 1.8.3Moodle Moodle 1.8.10Moodle Moodle 1.9.6Moodle Moodle 1.9.7
NA
CVE-2010-1613
Moodle 1.8.x and 1.9.x prior to 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote malicious users to conduct session fixation attacks.
Moodle Moodle 1.8.6Moodle Moodle 1.8.5Moodle Moodle 1.8.11Moodle Moodle 1.9.4Moodle Moodle 1.8.4Moodle Moodle 1.9.3Moodle Moodle 1.9.5Moodle Moodle 1.9.2Moodle Moodle 1.8.8Moodle Moodle 1.8.2Moodle Moodle 1.8.1Moodle Moodle 1.9.1Moodle Moodle 1.8.7Moodle Moodle 1.8.9Moodle Moodle 1.8.3Moodle Moodle 1.8.10Moodle Moodle 1.9.6Moodle Moodle 1.9.7
NA
CVE-2010-1617
user/view.php in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.
Moodle Moodle 1.8.8Moodle Moodle 1.8.1Moodle Moodle 1.8.3Moodle Moodle 1.9.1Moodle Moodle 1.8.6Moodle Moodle 1.8.5Moodle Moodle 1.9.4Moodle Moodle 1.9.3Moodle Moodle 1.8.4Moodle Moodle 1.8.2Moodle Moodle 1.9.5Moodle Moodle 1.9.2Moodle Moodle 1.8.7Moodle Moodle 1.8.9Moodle Moodle 1.8.10Moodle Moodle 1.8.11Moodle Moodle 1.9.6Moodle Moodle 1.9.7
NA
CVE-2010-1618
Cross-site scripting (XSS) vulnerability in the phpCAS client library prior to 1.1.0, as used in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8, allows remote malicious users to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an erro...
Ja-sig Phpcas Client Library 1.0.0Ja-sig Phpcas Client Library 1.0.1Ja-sig Phpcas Client Library 1.0.0Ja-sig Phpcas Client Library 1.0.1Moodle Moodle 1.8.5Moodle Moodle 1.8.4Moodle Moodle 1.9.5Moodle Moodle 1.9.4Moodle Moodle 1.8.1Moodle Moodle 1.8.3Moodle Moodle 1.8.9Moodle Moodle 1.8.7Moodle Moodle 1.9.3Moodle Moodle 1.8.8Moodle Moodle 1.8.6Moodle Moodle 1.9.7Moodle Moodle 1.9.6Moodle Moodle 1.8.2Moodle Moodle 1.8.10Moodle Moodle 1.8.11Moodle Moodle 1.9.2Moodle Moodle 1.9.1
NA
CVE-2010-1619
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8, allows remote malicious users to inject arbitrary web script or HTML via craft...
Moodle Moodle 1.8.8Moodle Moodle 1.8.7Moodle Moodle 1.8.1Moodle Moodle 1.8.3Moodle Moodle 1.9.6Moodle Moodle 1.8.5Moodle Moodle 1.8.4Moodle Moodle 1.9.3Moodle Moodle 1.9.5Moodle Moodle 1.8.2Moodle Moodle 1.9.2Moodle Moodle 1.9.1Moodle Moodle 1.8.9Moodle Moodle 1.8.6Moodle Moodle 1.8.10Moodle Moodle 1.8.11Moodle Moodle 1.9.4Moodle Moodle 1.9.7
NA
CVE-2010-2228
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle prior to 1.8.13 and 1.9.x prior to 1.9.9 allows remote malicious users to inject arbitrary web script or HTML via vectors involving extended characters in a username.
Moodle Moodle 1.1.1Moodle Moodle 1.2.0Moodle Moodle 1.4.1Moodle Moodle 1.4.2Moodle Moodle 1.5.3Moodle Moodle 1.5.0Moodle Moodle 1.6.7Moodle Moodle 1.6.8Moodle Moodle 1.2.1Moodle Moodle 1.3.0Moodle Moodle 1.4.3Moodle Moodle 1.4.4Moodle Moodle 1.6.0Moodle Moodle 1.6.1Moodle Moodle 1.7.1Moodle Moodle 1.8.1Moodle Moodle 1.8.2Moodle Moodle 1.8.9Moodle Moodle 1.8.10Moodle Moodle 1.3.1Moodle Moodle 1.3.2Moodle Moodle 1.4.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2024-34490SQL injectionCVE-2024-34488CVE-2024-4507CVE-2023-7028CVE-2024-23187TCPCVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook