Description
A flaw was found in Moodle versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11, and earlier unsupported versions. The "delete badge alignment" functionality did not include the token check needed to prevent a CSRF risk.