CVE-2025-3645 – Moodle Information Disclosure Vulnerability

April 25, 2025

CVE ID : CVE-2025-3645

Published : April 25, 2025, 3:15 p.m. | 3 hours, 46 minutes ago

Description : A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users’ names and online statuses.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3643 – Moodle Reflected Cross-site Scripting Vulnerability

Next Article CVE-2025-3644 – Moodle Course Section Deletion Privilege Escalation Vulnerability

Highlights

CVE-2024-12023 – “Elementor CRM FULL Cliente SQL Injection Vulnerability”

May 2, 2025

CVE ID : CVE-2024-12023

Published : May 2, 2025, 4:15 a.m. | 3 hours, 5 minutes ago

Description : The FULL – Cliente plugin for WordPress is vulnerable to SQL Injection via the ‘formId’ parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable when the PRO version of the plugin is activated, along with Elementor Pro and Elementor CRM.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

OneDrive for Mac will soon give you more flexible storage options

From The Editor’s Desk — new Windows Central community features, we’d like to hear from you!

New code strings attached to Xbox Game Pass suggests a price increase may be imminent

This could be the versatile laptop accessory I’ve been waiting for — Here’s why it stands out from other portable monitors

Worker Threads in Node.js: A Complete Guide for Multithreading in JavaScript

Worker Threads in Node.js: A Complete Guide for Multithreading in JavaScript

Everybody’s gone lintin’

QAQ-QQ-AI-QUEST

OneDrive for Mac will soon give you more flexible storage options

OneDrive for Mac will soon give you more flexible storage options

From The Editor’s Desk — new Windows Central community features, we’d like to hear from you!

New code strings attached to Xbox Game Pass suggests a price increase may be imminent

CVE-2025-3645 – Moodle Information Disclosure Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Mitel OpenScape Flaw (CVE-2025-23092): High-Severity Path Traversal Allows Admin RCE

CVE-2025-5637 – PCMan FTP Server SYSTEM Command Handler Buffer Overflow Vulnerability

Understanding Font Families

CVE-2025-43546 – Oracle Bridge Integer Underflow Vulnerability

Forget ChatGPT? Alibaba’s Qwen3 Might Be the New AI King

CVE-2024-12023 – “Elementor CRM FULL Cliente SQL Injection Vulnerability”

Turn Data Chaos into AI Clarity with Data Quality Management

Exclusive Talk: Joey Conway of NVIDIA on Llama Nemotron Ultra and Open Source Models

Ransomware scum disrupted utility services with SimpleHelp attacks

CVE-2025-3645 – Moodle Information Disclosure Vulnerability

Related Posts