Description
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
Remediation
References
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2002-0569)
WordPress Plugin Abandoned Cart Lite for WooCommerce SQL Injection (1.8)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-16854)
WordPress Plugin Elementor Website Builder Arbitrary File Upload (2.7.4)
WordPress Plugin WP Featured Post with thumbnail 'src' Parameter Cross-Site Scripting (3.0)