Moodle Security Vulnerabilities (CVEs)
Track 75 security vulnerabilities affecting Moodle products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a cross-site scripting (XSS) vulnerability in Moodle's site log report where HTML content in event descriptions isn't properly enco...
May 31, 2024

This CSRF vulnerability in MFA logout allows attackers to forcibly log out authenticated users by tricking them into clicking malicious links. It affe...
May 31, 2024

This vulnerability allows attackers to bypass ReCAPTCHA protection on the login page of affected systems, potentially enabling brute-force attacks or ...
May 31, 2024

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Moodle's admin preset tool where actions lack anti-CSRF tokens. Attackers can ...
May 31, 2024

This stored cross-site scripting (XSS) vulnerability in Moodle's equation editor allows attackers to inject malicious scripts when editing another use...
May 31, 2024

This vulnerability in Moodle's MFA system allows attackers to bypass multi-factor authentication by manipulating the referrer URL. It affects Moodle i...
May 31, 2024

This vulnerability in Moodle's file picker unzip functionality allows attackers to cause denial of service by uploading specially crafted zip files th...
Feb 19, 2024

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Moodle's cURL blocked hosts list logic. The flaw allows attackers to bypass I...
Jun 22, 2023

This CVE describes a cross-site scripting (XSS) vulnerability in Moodle's algebra filter feature. When the algebra filter is enabled but not properly ...
Mar 23, 2023

CVE-2023-28333 is a Mustache template injection vulnerability in Moodle's pix helper that could allow remote code execution if user input is improperl...
Mar 23, 2023

CVE-2023-28330 is an insufficient input sanitization vulnerability in backup functionality that allows authenticated users with teacher, manager, or a...
Mar 23, 2023

CVE-2021-36392 is a critical SQL injection vulnerability in Moodle's user enrollment library that allows attackers to execute arbitrary SQL queries. T...
Mar 6, 2023

CVE-2021-36394 is a critical remote code execution vulnerability in Moodle's Shibboleth authentication plugin. Attackers can execute arbitrary code on...
Mar 6, 2023

This vulnerability in Moodle allows attackers to bypass cURL security restrictions through insufficient redirect handling, enabling blind Server-Side ...
Mar 6, 2023

This Moodle vulnerability allows remote attackers to set the 'start page' preference for other users, bypassing intended access controls. Attackers ca...
Feb 17, 2023

This critical Moodle vulnerability allows remote code execution through improper PostScript parsing in GhostScript. Attackers can exploit it to take c...
Jul 25, 2022

CVE-2022-30599 is a critical SQL injection vulnerability in Moodle's badges functionality that allows attackers to execute arbitrary SQL commands. Thi...
May 18, 2022

This CVE describes an SQL injection vulnerability in Badges code related to configuring criteria. It allows authenticated users with teacher or manage...
Mar 25, 2022

This vulnerability in Moodle's draft files area allows attackers to cause denial-of-service by bypassing user file upload limits. It affects Moodle in...
Mar 11, 2022

This SQL injection vulnerability in Moodle allows attackers to execute arbitrary SQL commands via XML-RPC calls when MNet (Moodle Network) is enabled ...
Mar 11, 2022

This SQL injection vulnerability in Moodle's H5P activity web service allows attackers to execute arbitrary SQL commands. It affects Moodle installati...
Jan 25, 2022

This Cross-Site Request Forgery (CSRF) vulnerability in Moodle allows attackers to trick authenticated users into unknowingly deleting badge alignment...
Jan 25, 2022

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Moodle's badge deletion functionality. Attackers can trick authenticated users...
Nov 22, 2021

This vulnerability allows remote attackers to execute arbitrary code on Moodle servers by exploiting improper input validation during backup file rest...
Nov 22, 2021

This vulnerability allows authenticated administrators in Moodle to execute arbitrary commands on the server through the legacy spellchecker plugin. A...
Jun 23, 2021

Why Monitor Moodle Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 75+ known vulnerabilities affecting Moodle products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Moodle packages in under 60 seconds. No agents required - completely agentless scanning that works across Moodle deployments.
Free vulnerability database: Access detailed information about every Moodle CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.