Description
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Catalog Enquiry Arbitrary File Upload (3.0.0)
WordPress Plugin Advanced Dynamic Pricing for WooCommerce Multiple Vulnerabilities (4.1.5)
WordPress Plugin Broken Link Checker Multiple Cross-Site Scripting Vulnerabilities (1.9.1)
WordPress Plugin Allow PHP in Posts and Pages 'id' Parameter SQL Injection (2.0.0.RC1)
WordPress Plugin Product Catalog Arbitrary File Upload (3.1.1)