Description
A flaw was found in Moodle versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11, and earlier unsupported versions. The "delete badge alignment" functionality did not include the token check needed to prevent cross-site request forgery (CSRF).
Remediation
References