The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.
{ "cpes": [ "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*" ], "severity": "High" }