Moodle Glossary Module Trusttext Bypass Vulnerability

Vulnerability

A vulnerability exists in the Moodle glossary module in versions 4.5 prior to 4.5.1, 4.4 prior to 4.4.5, 4.3 prior to 4.3.9, 4.1 prior to 4.1.15, and earlier unsupported versions. It allows teachers to bypass the trusttext configuration when restoring glossary entries: the restore process lacked the checks needed to ensure that trusttext, when enabled, is properly applied to the glossary entries being restored.

Impact

Exploitation of this vulnerability could let a user evade the trusttext configuration without authorization, allowing potential manipulation of glossary entry content.

Remediation

Users can upgrade to Moodle versions 4.5.2, 4.4.6, 4.3.10, or 4.1.16 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.