CVE-2021-4399
The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(), connection_test_initiater(), admin_menus(), and subscribe_handler() function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
We have discovered 98 live websites that are affected by CVE-2021-4399.
Affected Software
| Product |  Edwiser Bridge |
| Category | Wordpress Plugins |
| Vulnerable Domains | 98 live websites (100% of Edwiser Bridge install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Details
- Published - Jul 1, 2023
- Updated - Oct 28, 2024
Credits
- Jerome Bruandet (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2021-4399 United States | 30 websites |
 Spain | 9 websites |
 Germany | 8 websites |
 GB | 8 websites |
 Australia | 5 websites |
 France | 5 websites |
 Brazil | 4 websites |
 Ireland | 3 websites |
 Poland | 3 websites |
 Cyprus | 2 websites |
Website Distribution by TLD
Number of websites using CVE-2021-4399| .com | 37 websites |
| .org | 12 websites |
| .co.uk | 5 websites |
| .es | 5 websites |
| .com.br | 4 websites |
| .eu | 4 websites |
| .net | 4 websites |
| .com.au | 3 websites |
| .pl | 2 websites |
| .de | 1 websites |
Websites affected by CVE-2021-4399
Top websites that are affected by CVE-2021-4399. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.pl | Poland | ***,*** | |
| ***************.org | United States | ***,*** | |
| ******.net | Germany | *,***,*** | |
| ******.es | Spain | *,***,*** | |
| *************.org | United States | *,***,*** | |
| ***********************.com | GB | *,***,*** | |
| ************.**.uk | GB | *,***,*** | |
| **********.pl | Poland | *,***,*** | |
| **********.***.au | Australia | *,***,*** | |
| *******************.com | United States | *,***,*** |
FAQ
A total of 98 websites have been identified as vulnerable to CVE-2021-4399, based on global website indexing conducted by WebTechSurvey.
The Edwiser Bridge is affected by the CVE-2021-4399 vulnerability.
Edwiser Bridge versions up to and including 2.0.6 are vulnerable to CVE-2021-4399.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6450dafd-5992-4831-87af-e5e47cc8663e?source=cve
- https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
- https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/
- https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/
- https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/
- https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/
- https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/
- https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2478642%40edwiser-bridge&new=2478642%40edwiser-bridge&sfp_email=&sfph_mail=