moodle/moodle Security Advisories for v4.5.6 (18)
-
[HIGH] Moodle has a Remote Code Execution risk via file restore
PKSA-fh6z-73jv-qwnd CVE-2026-26045 GHSA-ggxq-2mg9-8966
Affected version: <4.5.9|>=5.0.0-beta,<5.0.5|>=5.1.0-beta,<5.1.2
Reported by: GitHub
-
[MEDIUM] Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
PKSA-d5fc-2jw8-sm45 CVE-2026-26047 GHSA-cg8j-5cr2-568q
Affected version: <4.5.9|>=5.0.0-beta,<5.0.5|>=5.1.0-beta,<5.1.2
Reported by: GitHub
-
[LOW] Moodle Open Redirect vulnerability
PKSA-prf5-y5p2-ykmg CVE-2025-67852 GHSA-qv78-6gpp-hm68
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by: GitHub
-
[HIGH] Moodle Affected by Improper Restriction of Excessive Authentication Attempts
PKSA-dz6d-pdgm-m472 CVE-2025-67853 GHSA-5cx4-w4fh-fr57
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by: GitHub
-
[MEDIUM] Moodle vulnerable to Cross-site Scripting
PKSA-2j87-1r5d-n19k CVE-2025-67855 GHSA-vwhw-vp9v-q9c9
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by: GitHub
-
[MEDIUM] Moodle has an authorization logic flaw
PKSA-xyd9-vffd-bswp CVE-2025-67856 GHSA-hcm6-q6pc-xfhm
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by: GitHub
-
[MEDIUM] Moodle Inserts Sensitive Information Into Sent Data
PKSA-2wxn-vc4s-1dkz CVE-2025-67857 GHSA-8jrv-wx83-w3xj
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by: GitHub
-
[HIGH] Moodle authentication bypass vulnerability
PKSA-d2w7-632f-6wy9 CVE-2025-67848 GHSA-j5jv-w5cw-j9ff
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by: GitHub
-
[HIGH] Moodle Cross-site Scripting (XSS) vulnerability
PKSA-qhxz-6rtn-nzx7 CVE-2025-67849 GHSA-mhf6-pp52-8wqj
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by: GitHub
-
[HIGH] Moodle vulnerable to Cross-site Scripting
PKSA-3g2p-wb92-w82j CVE-2025-67850 GHSA-6mmv-f6c6-v6q8
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by: GitHub
-
[MEDIUM] Moodle formula injection vulnerability
PKSA-213q-p3b4-49zj CVE-2025-67851 GHSA-qfh6-h7j6-fvjv
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by: GitHub
-
[HIGH] Moodle affected by a code injection vulnerability
PKSA-41tm-5zq3-pfdc CVE-2025-67847 GHSA-xvmh-25jw-gmmm
Affected version: <4.1.22|>=4.2.0-beta,<4.4.12|>=4.5.0-beta,<4.5.8|>=5.0.0-beta,<5.0.4|>=5.1.0-beta,<5.1.1
Reported by: GitHub
-
[MEDIUM] Moodle's error handling leads to sensitive information disclosure
PKSA-s9t3-1mh7-mgx2 CVE-2025-62396 GHSA-c5cj-xp43-qcc3
Affected version: >=4.5.0-beta,<4.5.7|>=5.0.0-beta,<5.0.3
Reported by: GitHub
-
[MEDIUM] Moodle does not properly enforce MFA
PKSA-7pfx-c6p7-vmng CVE-2025-62398 GHSA-25wf-7x6c-wmpf
Affected version: >=4.4.0-beta,<4.4.11|>=4.5.0-beta,<4.5.7|>=5.0.0-beta,<5.0.3
Reported by: GitHub
-
[HIGH] Moodle vulnerable to brute-force password guesses
PKSA-c2fh-btt6-h7g6 CVE-2025-62399 GHSA-m58f-9pvv-8mp2
Affected version: <4.1.21|>=4.2.0-beta,<4.4.11|>=4.5.0-beta,<4.5.7|>=5.0.0-beta,<5.0.3
Reported by: GitHub
-
[MEDIUM] Moodle exposed the names of hidden groups to users
PKSA-7bbm-2bcq-7hnc CVE-2025-62400 GHSA-422v-w6c5-vq42
Affected version: <4.1.21|>=4.2.0-beta,<4.4.11|>=4.5.0-beta,<4.5.7|>=5.0.0-beta,<5.0.3
Reported by: GitHub
-
[MEDIUM] Moodle has a time restriction bypass
PKSA-2154-mt94-234t CVE-2025-62401 GHSA-w29j-8phw-ffjf
Affected version: <4.1.21|>=4.2.0-beta,<4.4.11|>=4.5.0-beta,<4.5.7|>=5.0.0-beta,<5.0.3
Reported by: GitHub
-
[MEDIUM] Moodle sends quiz-related messages to inactive/suspended users
PKSA-618v-fp6m-xcm3 CVE-2025-62394 GHSA-8fcv-4qp9-pg32
Affected version: >=4.5.0-beta,<4.5.7|>=5.0.0-beta,<5.0.3
Reported by: GitHub