CVE-2024-1108

CVE-2024-1108 affects the WordPress plugin Plugin Groups. Root cause: missing capability check in admin_init() for versions up to and including 2.0.6. Impact per sources: unauthenticated attackers can modify plugin settings and misconfiguration may cause denial of service. Exploitation status is ...

WordPress Plugin Groups Plugin <= 2.0.6 is vulnerable to Broken Access Control

Software Plugin Groups Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1108 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8c882f834af1 Credits Francesco Carlucci Require...

WordPress Plugin Plugin Groups Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2024-25973 Multiple Stored Cross-Site Scripting Vulnerabilities

The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting XSS vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog...

Plugin Groups < 2.0.7 - Missing Authorization to Unauthenticated Denial of Service

Description The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin,...

PT-2024-16743 · WordPress · Plugin Groups

Name of the Vulnerable Software and Affected Versions: Plugin Groups plugin for WordPress versions up to, and including, 2.0.6 Description: The issue is related to a missing capability check on the admin init function, which allows unauthenticated attackers to modify the plugin's settings. This c...

GHSA-JFRG-9HPQ-9HVP Improper Access Control in moodle

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers...

Improper Access Control in moodle

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers...

Improper Access Control in moodle

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers...

CVE-2024-25980

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers...

CVE-2024-25981

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers...

UBUNTU-CVE-2024-25981

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers...

UBUNTU-CVE-2024-25980

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers...

Default configuration

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers...

Default configuration

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers...

CVE-2024-25980

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers...

CVE-2024-25981 Msa-24-0004: forum export did not respect activity group settings

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers...

CVE-2024-25981 Msa-24-0004: forum export did not respect activity group settings

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers...

CVE-2024-25980 Msa-24-0003: h5p attempts report did not respect activity group settings

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers...

CVE-2024-25980 Msa-24-0003: h5p attempts report did not respect activity group settings

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers...