Known Vulnerabilities for products from Moodle
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Moodle".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-30884 json | Not Provided | 2026-03-18 | 2026-03-18 | |
| CVE-2023-46858 json | ** DISPUTED ** Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE:... | 5.4 - MEDIUM | 2023-10-29 | 2023-11-07 |
| CVE-2023-35133 json | An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects ... | 7.5 - HIGH | 2023-06-22 | 2023-11-07 |
| CVE-2023-35132 json | A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 t... | 6.3 - MEDIUM | 2023-06-22 | 2023-11-07 |
| CVE-2023-35131 json | Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 ... | 6.1 - MEDIUM | 2023-06-22 | 2023-11-07 |
| CVE-2023-30944 json | The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki metho... | 7.3 - HIGH | 2023-05-02 | 2023-11-07 |
| CVE-2023-30943 json | The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create ... | 5.3 - MEDIUM | 2023-05-02 | 2023-11-07 |
| CVE-2023-28336 json | Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not othe... | 4.3 - MEDIUM | 2023-03-23 | 2023-11-07 |
| CVE-2023-28335 json | The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. | 8.8 - HIGH | 2023-03-23 | 2023-03-28 |
| CVE-2023-28334 json | Authenticated users were able to enumerate other users' names via the learning plans page. | 4.3 - MEDIUM | 2023-03-23 | 2023-03-28 |
| CVE-2023-28333 json | The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear ... | 9.8 - CRITICAL | 2023-03-23 | 2023-11-07 |
| CVE-2023-28332 json | If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented a... | 6.1 - MEDIUM | 2023-03-23 | 2023-11-07 |
| CVE-2023-28331 json | Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. | 6.1 - MEDIUM | 2023-03-23 | 2023-11-07 |
| CVE-2023-28330 json | Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only avai... | 6.5 - MEDIUM | 2023-03-23 | 2023-11-07 |
| CVE-2023-28329 json | Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available ... | 8.8 - HIGH | 2023-03-23 | 2023-11-07 |
| CVE-2023-23923 json | The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote atta... | 8.2 - HIGH | 2023-02-17 | 2023-02-28 |
| CVE-2023-23922 json | The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remo... | 6.1 - MEDIUM | 2023-02-17 | 2023-02-28 |
| CVE-2023-23921 json | The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl para... | 6.1 - MEDIUM | 2023-02-17 | 2023-02-28 |
| CVE-2023-5551 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 3.3 - LOW | 2023-11-09 | 2023-11-17 |
| CVE-2023-5550 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-11-09 | 2023-11-17 |
Known software with vulnerabilities from Moodle
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Moodle | Moodle | - |