Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

moodle — Vulnerabilities & Security Advisories 148

All 148 CVE vulnerabilities found in moodle, with AI-generated Chinese analysis, references, and POCs.

This page is a vulnerability aggregation resource for Moodle, an open-source learning platform, focusing on weaknesses within the Common Weakness Enumeration framework. It systematically collects detailed records of security flaws affecting this specific educational technology software, covering a comprehensive historical range from initial release vulnerabilities to recent patches issued by the official development team. By centralizing these data points, the page enables researchers, system administrators, and security auditors to efficiently track vendor advisories as they are published, providing context on severity ratings and affected versions. Users can also delve into specific weakness classes to understand the underlying technical nature of common defects, such as cross-site scripting or insecure direct object references, within the Moodle codebase. Furthermore, the repository serves as a longitudinal reference for looking up a product's vulnerability history, allowing stakeholders to analyze trends in bug resolution and identify recurring patterns in code quality over time. This structured approach supports proactive risk management by offering transparent visibility into the security posture of Moodle installations. The content is curated to distinguish between theoretical weaknesses and exploitable issues, ensuring that the information remains relevant for operational security planning and compliance auditing.

Vendor: Moodle

CVE IDTitleCVSSSeverityPublished
CVE-2021-47857 Moodle 3.10.3 - 'label' Persistent Cross Site Scripting CWE-79 7.2 High2026-01-21
CVE-2025-53021 Moodle 授权问题漏洞 CWE-384 4.2 Medium2025-06-24
CVE-2025-26533 SQL injection risk in course search module list filter CWE-89 8.1 High2025-02-24
CVE-2025-26532 Teachers can evade trusttext config when restoring glossary entries CWE-863 3.1 Low2025-02-24
CVE-2025-26531 IDOR in badges allows disabling of arbitrary badges CWE-863 3.1 Low2025-02-24
CVE-2025-26530 Reflected XSS via question bank filter CWE-79 8.3 High2025-02-24
CVE-2025-26529 Stored XSS risk in admin live log CWE-79 8.3 High2025-02-24
CVE-2025-26528 Stored XSS in ddimageortext question type CWE-79 3.4 Low2025-02-24
CVE-2025-26527 Non-searchable tags can still be discovered on the tag search page and in the tags block CWE-1230 5.3 Medium2025-02-24
CVE-2025-26526 Feedback response viewing and deletions did not respect Separate Groups mode CWE-863 6.5 Medium2025-02-24
CVE-2025-26525 Arbitrary file read risk through pdfTeX CWE-552 8.6 High2025-02-24
CVE-2024-38277 moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys CWE-324 7.5AIHighAI2024-06-18
CVE-2024-38276 moodle: CSRF risks due to misuse of confirm_sesskey CWE-352 8.8AIHighAI2024-06-18
CVE-2024-38275 moodle: HTTP authorization header is preserved between "emulated redirects" CWE-226 6.1AIMediumAI2024-06-18
CVE-2024-38274 moodle: stored XSS via calendar's event title when deleting the event CWE-79 5.4AIMediumAI2024-06-18
CVE-2024-38273 moodle: BigBlueButton web service leaks meeting joining information to users who should not have access CWE-284 5.4AIMediumAI2024-06-18
CVE-2024-33996 moodle: broken access control when setting calendar event type CWE-20 4.3 -2024-05-31
CVE-2022-40208 Moodle 安全漏洞 CWE-285 4.3 -2023-03-24
CVE-2021-36397 Moodle 安全漏洞 CWE-276 5.3 -2023-03-06
CVE-2021-36403 Moodle 输入验证错误漏洞 CWE-912 4.3 -2023-03-06
CVE-2021-36402 Moodle 输入验证错误漏洞 CWE-20 4.3 -2023-03-06
CVE-2021-36401 Moodle 跨站脚本漏洞 CWE-79 4.8 -2023-03-06
CVE-2021-36400 Moodle 安全漏洞 CWE-276 5.3 -2023-03-06
CVE-2021-36399 Moodle 跨站脚本漏洞 CWE-79 5.4 -2023-03-06
CVE-2021-36392 Moodle SQL注入漏洞 CWE-89 9.8 -2023-03-06
CVE-2021-36394 Moodle 代码注入漏洞 CWE-384 9.8 -2023-03-06
CVE-2021-36393 Moodle SQL注入漏洞 CWE-89 9.8 -2023-03-06
CVE-2021-36398 Moodle 跨站脚本漏洞 CWE-79 5.4 -2023-03-06
CVE-2021-36395 Moodle 安全漏洞 CWE-400 7.5 -2023-03-06
CVE-2021-36396 Moodle 代码问题漏洞 CWE-918 7.5 -2023-03-06

All 148 known CVE vulnerabilities affecting moodle with full Chinese analysis, references, and POCs where available.