Moodle Quiz Notification Vulnerability for Inactive Users

Vulnerability

A vulnerability in Moodle's quiz notification system allows suspended or inactive users to receive messages about quizzes. This issue arises from improper verification of enrolment status, which can inadvertently disclose limited course information to these users. The vulnerability affects Moodle versions 5.0 prior to 5.0.3 and 4.5 prior to 4.5.7.

Impact

Exploitation of this vulnerability could lead to unauthorized access to quiz-related information, allowing inactive users to receive notifications that could include details about ongoing assessments.

Added: Oct 23, 2025, 12:22 PM
Updated: Oct 23, 2025, 12:22 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 8.7
remediation: 7.7
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.