WordPress Plugin Vulnerabilities

Edwiser Bridge < 2.0.7 - CSRF Nonce Bypass

Description

The plugin did not properly verify for CSRF nonces, allowing requests without them to bypass the checks in place. This could allow attackers to make logged in users perform unwanted actions.

Affects Plugins

Plugin icon
edwiser-bridge
Fixed in 2.0.7

References

URL
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/
URL
https://plugins.trac.wordpress.org/changeset/2478642

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Jerome Bruandet (NinTechNet)
Verified
Yes
WPVDB ID
34a8ea28-fd5a-4531-834b-7b699b5fc2da

Timeline

Publicly Published
2021-04-16 (about 2 years ago)
Added
2021-04-16 (about 2 years ago)
Last Updated
2022-01-17 (about 1 years ago)

Other

Published
Title
Published
2020-07-22
Title
Social Sharing Plugin < 1.2.10 - Cross-Site Request Forgery in Settings
Published
2023-10-13
Title
Automated Editor <= 1.3 - Arbitrary Settings Update via CSRF
Published
2021-07-05
Title
Locations < 4.0 - Cross-Site Request Forgery
Published
2020-09-16
Title
Dokan < 3.0.9 - Cross-Site Request Forgery
Published
2023-02-28
Title
Stripe Payments For WooCommerce by Checkout < 1.4.11 - Settings Update via CSRF