Description
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin Tutor LMS Elementor Addons Cross-Site Scripting (2.1.3)
WordPress Plugin Media Mirror Cross-Site Scripting (1.0.6)
WordPress Plugin Rich Counter Cross-Site Scripting (1.1.5)
Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7)
WordPress Plugin WP No External Links Cross-Site Scripting (3.5.15)