Description
mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization.
Remediation
References
Related Vulnerabilities
WordPress Plugin Total Security Multiple Unspecified Vulnerabilities (3.4.1)
WordPress Plugin Share This Image Cross-Site Scripting (1.03)
WordPress Plugin Welcome Announcement Multiple Cross-Site Scripting Vulnerabilities (1.0.5)
WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)
WordPress Plugin Elementor Website Builder Unspecified Vulnerability (3.0.15)