CVE-2021-4399

CVE-2021-4399

Name

CVE-2021-4399

Description

The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(), connection_test_initiater(), admin_menus(), and subscribe_handler() function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2478642%40edwiser-bridge&new=2478642%40edwiser-bridge&sfp_email=&sfph_mail=
MISC	https://www.wordfence.com/threat-intel/vulnerabilities/id/6450dafd-5992-4831-87af-e5e47cc8663e?source=cve
MISC	https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/
MISC	https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/
MISC	https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/
MISC	https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/
MISC	https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/
MISC	https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
MISC	https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/

Type

URI

MISC

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2478642%40edwiser-bridge&new=2478642%40edwiser-bridge&sfp_email=&sfph_mail=

MISC

https://www.wordfence.com/threat-intel/vulnerabilities/id/6450dafd-5992-4831-87af-e5e47cc8663e?source=cve

MISC

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/

MISC

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/

MISC

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/

MISC

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/

MISC

https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/

MISC

https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/

MISC

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:edwiser:bridge::::::wordpress::*`	bridge	>= None	<= 2.0.6

CPE URI

Source package

Min version

Max version

cpe:2.3:a:edwiser:bridge:*:*:*:*:*:wordpress:*:*

bridge

>= None

<= 2.0.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
bridge	edge-main	1.5-r5	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
bridge	3.18-main	1.5-r5	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
bridge	3.17-main	1.5-r5	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
bridge	3.16-main	1.5-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
bridge	3.15-main	1.5-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

bridge

edge-main

1.5-r5

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

bridge

3.18-main