Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through <= 3.0.8.
Published: 2025-01-27
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Improper Neutralization of Input During Web Page Generation, specifically a reflected Cross‑Site Scripting flaw. An attacker can inject malicious scripts that are executed in the victim’s browser when a crafted URL or form is accessed. This can lead to session hijacking, phishing, or delivery of malware, compromising the confidentiality and integrity of the web application and its users. The weakness is identified as CWE-79.

Affected Systems

The flaw affects the WisdmLabs Edwiser Bridge WordPress plugin in all releases up to and including 3.0.8. Users running any of these versions on a WordPress installation are potentially exposed.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity. The EPSS score is below 1%, suggesting a very low probability of exploitation in the wild at this time, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a web-based front-end input, such as query string parameters or form fields, that reflects user data without proper sanitization, allowing the attacker to deliver and execute scripts in a victim's browser.

Generated by OpenCVE AI on May 1, 2026 at 18:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WisdmLabs Edwiser Bridge to a version beyond 3.0.8
  • If an upgrade is delayed, restrict access to the plugin’s vulnerable pages or parameters, or apply input filtering to sanitize reflected data
  • Configure WordPress or the site’s Content Security Policy to disallow inline scripts and restrict script sources


Advisories
Source: EUVD
ID: EUVD-2025-3797
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}
Values Added: cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Reflected XSS.This issue affects Edwiser Bridge: from n/a through <= 3.0.8.

Type: References

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}
Values Added: cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Wed, 12 Feb 2025 20:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 07 Feb 2025 20:30:00 +0000

Type: First Time appeared
Values Added: Wisdmlabs; Wisdmlabs edwiser Bridge

Type: CPEs
Values Added: cpe:2.3:a:wisdmlabs:edwiser_bridge:*:*:*:*:*:wordpress:*:*

Type: Vendors & Products
Values Added: Wisdmlabs; Wisdmlabs edwiser Bridge

Mon, 27 Jan 2025 14:30:00 +0000

Type: Description
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8.

Type: Title
Values Added: WordPress Edwiser Bridge plugin <= 3.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Type: Weaknesses
Values Added: CWE-79

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-11T23:21:41.891Z

Reserved: 2025-01-23T14:50:57.838Z

Link: CVE-2025-24593

Vulnrichment

Updated: 2025-02-12T19:53:20.080Z

NVD

Status: Modified

Published: 2025-01-27T15:15:14.090

Modified: 2026-04-23T15:25:05.080

Link: CVE-2025-24593

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T18:15:22Z

Weaknesses