4 matches found

GitHub Security Blog
added 2025/04/25 3:31 p.m., 10 views

Moodle has a CSRF risk in user tours manager that allows tour duplication

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks...

CVSS 3.5, AI score 6.9, EPSS 0.00153
Exploits: 0, References: 6, Affected Software: 1
Snyk
added 2025/04/25 3:31 p.m., 2 views

Cross-site Request Forgery (CSRF)

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to insufficient CSRF protection in the user tours manager. An attacker can duplicate existing tours without needing authentication by exploiting this vulnerabilit...

CVSS 5.1, AI score 7.1, EPSS 0.00153
Exploits: 0, References: 2
OSV
added 2025/04/25 3:31 p.m., 3 views

GHSA-88XJ-97GF-7WPQ Moodle has a CSRF risk in user tours manager that allows tour duplication

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks...

CVSS 3.5, AI score 9.4, EPSS 0.00153
Exploits: 0, References: 6
Vulnrichment
added 2025/04/25 2:42 p.m., 3 views

CVE-2025-3635 Moodle: csrf risk in moodle user tours manager allows tour duplication

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks...

CVSS 3.5, AI score 7.2, EPSS 0.00153
Exploits: 0, References: 2