In Moodle versions up to 4.5.2 a medium severity vulnerability CVE-2025-26527 was detected. This vulnerability arises from the improper handling of non-searchable tags, allowing users who should not have access to certain tags to still discover them through the tag search page or the tags block. To address this issue, users should upgrade Moodle to versions 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26527.
Read more EducationalIn Moodle versions up to 4.5.2 a low severity vulnerability CVE-2025-26528 was detected. This vulnerability stems from insufficient input sanitization in the ddimageortext question type, allowing attackers to inject malicious scripts that are executed when other users access the affected content. To address this issue, users should upgrade Moodle to versions 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26528.
Read more EducationalIn Moodle versions up to 4.1.15, 4.3.9, 4.4.5 and 4.5.1 a high severity vulnerability CVE-2025-26529 was detected. This vulnerability arises from insufficient sanitization of input in the Site Administration Live Log, leading to a stored Cross-Site Scripting (XSS) risk. To address this issue, users should upgrade Moodle to versions 4.1.16, 4.3.10, 4.4.6 or 4.5.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26529.
Read more EducationalIn Moodle versions up to 4.5.1 a high severity vulnerability CVE-2025-26530 was detected. This vulnerability results from insufficient sanitization in the question bank filter, allowing attackers to craft malicious URLs that execute arbitrary JavaScript in the victim’s browser. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6 or 4.3.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26530.
Read more EducationalIn Moodle versions prior to 4.5.2, 4.4.6, 4.3.10, and 4.1.16 a high severity vulnerability CVE-2025-26525 was detected. This vulnerability allows attackers to exploit insufficient sanitization in the TeX notation filter when pdfTeX is available, leading to arbitrary file read risks on Moodle installations using TeX Live. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6, 4.3.10 or 4.1.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26525.
Read more EducationalIn Moodle versions prior to 4.1.14, from 4.2.0 before 4.2.11, from 4.3.0 before 4.3.8, and from 4.4.0 before 4.4.4 a medium severity vulnerability CVE-2024-48896 was detected. This vulnerability allows users with “send message” rights to see names of other users through an error message, even if they shouldn’t have access. The displayed name follows the site’s configured full-name format. To fix this issue, users need to update to versions 4.1.14, 4.2.11, 4.3.8, or 4.4.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-48896.
Read more EducationalIn Moodle versions starting from 0 before 4.1.0, from 4.1.0 before 4.1.14, from 4.2.0 before 4.2.11, from 4.3.0 before 4.3.8, and from 4.4.0 before 4.4.4 a medium severity vulnerability CVE-2024-48901 was detected. This vulnerability allows attackers to access and view the schedule of a report in Moodle without having the necessary permissions to edit it. To fix this issue, users should upgrade Moodle to versions 4.5.0-rc2 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-48901.
Read more EducationalIn Moodle versions 4.1.0 and above, prior to 4.1.12, 4.2.0 and above, prior to 4.2.9, 4.3.0 and above, prior to 4.3.6, 4.4.0 and above, prior to 4.4.2 a medium severity vulnerability CVE-2024-43439 was detected. This vulnerability allows H5P error messages to be exploited for cross-site scripting attacks, requiring improved sanitization. To fix this issue, users need to update to versions 4.1.12, 4.2.9, 4.3.6, 4.4.2, or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43439.
Read more EducationalIn Moodle versions 4.4.0 and above, prior to 4.4.2, 4.3.0 and above, prior to 4.3.6, 4.2.0 and above, prior to 4.2.9, 4.1.0 and above, prior to 4.1.12 a medium severity vulnerability CVE-2024-43429 was detected. This vulnerability makes some hidden profile fields visible in gradebook reports. This allows users who shouldn’t see hidden fields to access them. To fix this issue, users need to update to versions 4.4.2, 4.3.6, 4.2.9, 4.1.12, or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-43429.
Read more Educational