Moodle Vulnerabilities

SQL Injection Vulnerability in Moodle Course Search Module

CVE-2025-26533

Moodle ProjectMoodle8.1HIGH

Data Validation Flaw in Moodle by Moodle

CVE-2025-26532

Moodle ProjectMoodle3.1LOW

Insufficient Capability Checks in Moodle by Moodle

CVE-2025-26531

Moodle ProjectMoodle3.1LOW

Reflected XSS Vulnerability in Moodle's Question Bank Filter

CVE-2025-26530

Moodle ProjectMoodle8.3HIGH

Stored XSS Vulnerability in Moodle's Administration Live Log

CVE-2025-26529

Moodle ProjectMoodle👾🟡8.3HIGH

Stored XSS Vulnerability in Moodle Drag-and-Drop Image Question Type

CVE-2025-26528

Moodle ProjectMoodle3.4LOW

Moodle Tags Exposure in Tag Search and Block Functionality

CVE-2025-26527

Moodle ProjectMoodle5.3MEDIUM

Permission Check Flaws in Feedback Activities of Moodle by Moodle

CVE-2025-26526

Moodle ProjectMoodle6.5MEDIUM

Arbitrary File Read Vulnerability in TeX Notation Filter Affects Moodle Products

CVE-2025-26525

Moodle ProjectMoodle8.6HIGH

Moodle Messaging Vulnerability Allows Unauthorized Access to User Names

CVE-2024-48896

MoodleMoodle4.3MEDIUM

Additional Checks Required to Secure Report Schedule

CVE-2024-48901

MoodleMoodle4.3MEDIUM

Delete Audiences from Reports Vulnerability

CVE-2024-48898

MoodleMoodle4.3MEDIUM

Additional Checks Required to Secure RSS Feeds in Moodle

CVE-2024-48897

MoodleMoodle4.3MEDIUM

Cross-Site Scripting Vulnerability in Moodle H5P

CVE-2024-43439

MoodleMoodle6.1MEDIUM

Separate Unique Keys for QR Login and Auto-Login

CVE-2024-38277

MoodleMoodle5.4MEDIUM

Multiple CSRF Risks Due to Incorrect Token Checks

CVE-2024-38276

MoodleMoodle8.8HIGH

Unintentionally Sending HTTP Authorization Header Information Through Redirects

CVE-2024-38275

MoodleMoodle

Stored XSS Risk in Event Deletion Prompt

CVE-2024-38274

MoodleMoodle6.1MEDIUM

Users Granted Unauthorized Access to Join URLs Due to Insufficient Capability Checks

CVE-2024-38273

MoodleMoodle5.4MEDIUM

Unauthorized Event Creation Due to Incorrect Validation

CVE-2024-33996

MoodleMoodle

Reflected XSS Vulnerability in Moodle by Moodle

CVE-2023-46858

MoodleMoodle5.4MEDIUM

SSRF Vulnerability in Moodle by Moodle

CVE-2023-35133

Moodlemoodle7.5HIGH

Cross-Site Scripting Vulnerability in Moodle

CVE-2023-35131

Moodlemoodle6.1MEDIUM

SQL Injection Risk in Moodle for Education Platforms

CVE-2023-35132

Moodlemoodle6.3MEDIUM

Persistent Cross-Site Scripting in Moodle by Moodle HQ

CVE-2021-27131

MoodleMoodle5.4MEDIUM

Moodle Vulnerabilities

Vulnerability Published:

Sort By:

24 February 2025

SQL Injection Vulnerability in Moodle Course Search Module

Data Validation Flaw in Moodle by Moodle

Insufficient Capability Checks in Moodle by Moodle

Reflected XSS Vulnerability in Moodle's Question Bank Filter

Stored XSS Vulnerability in Moodle's Administration Live Log

Stored XSS Vulnerability in Moodle Drag-and-Drop Image Question Type

Moodle Tags Exposure in Tag Search and Block Functionality

Permission Check Flaws in Feedback Activities of Moodle by Moodle

Arbitrary File Read Vulnerability in TeX Notation Filter Affects Moodle Products

18 November 2024

Moodle Messaging Vulnerability Allows Unauthorized Access to User Names

Additional Checks Required to Secure Report Schedule

Delete Audiences from Reports Vulnerability

Additional Checks Required to Secure RSS Feeds in Moodle

11 November 2024

Cross-Site Scripting Vulnerability in Moodle H5P

18 June 2024

Separate Unique Keys for QR Login and Auto-Login

Multiple CSRF Risks Due to Incorrect Token Checks

Unintentionally Sending HTTP Authorization Header Information Through Redirects

Stored XSS Risk in Event Deletion Prompt

Users Granted Unauthorized Access to Join URLs Due to Insufficient Capability Checks

31 May 2024

Unauthorized Event Creation Due to Incorrect Validation

29 October 2023

Reflected XSS Vulnerability in Moodle by Moodle

22 June 2023

SSRF Vulnerability in Moodle by Moodle

Cross-Site Scripting Vulnerability in Moodle

SQL Injection Risk in Moodle for Education Platforms

16 May 2023

Persistent Cross-Site Scripting in Moodle by Moodle HQ