Description
Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Edwiser Bridge: from n/a through <= 4.3.2.
Published: 2026-01-23
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Update Plugin
AI Analysis

Impact

A missing authorization check in WisdmLabs Edwiser Bridge allows an attacker to bypass the plugin’s access control security levels. This flaw is a classic broken access control vulnerability identified as CWE‑862, meaning an attacker could potentially view, modify, or delete data protected by the plugin without proper privileges. The impact is the loss of confidentiality, integrity, and potentially availability of course management data stored by the plugin.

Affected Systems

The vulnerability affects the WisdmLabs Edwiser Bridge WordPress plugin, versions from the first available release up through 4.3.2. No other products or versions are listed as affected.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity, while the EPSS score of less than 1% suggests a very low probability of exploitation at present. The vulnerability is not currently listed in the CISA KEV catalogue. Based on the description, the likely attack vector involves making authenticated or unauthenticated HTTP requests to plugin URLs or API endpoints that rely on the missing authorization check. An attacker sending crafted requests could gain privileged access to plugin data or administrative functions.

Generated by OpenCVE AI on April 16, 2026 at 01:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Edwiser Bridge plugin to the latest available release that addresses the missing authorization flaw.
  • If an upgrade is unavailable, deploy a web application firewall or similar rule set to block direct access to the vulnerable plugin endpoints, limiting the scope of potential exploitation.
  • Ensure that WordPress user roles are appropriately configured, granting administrative access to the plugin only to users who require it, and review site permissions regularly to enforce least privilege.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


Mon, 26 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 26 Jan 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Wisdmlabs
Wisdmlabs edwiser Bridge
Wordpress
Wordpress wordpress
Vendors & Products Wisdmlabs
Wisdmlabs edwiser Bridge
Wordpress
Wordpress wordpress

Fri, 23 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Edwiser Bridge: from n/a through <= 4.3.2.
Title WordPress Edwiser Bridge plugin <= 4.3.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-23T14:14:06.771Z

Reserved: 2026-01-23T12:32:02.838Z

Link: CVE-2026-24570

Vulnrichment

Updated: 2026-01-26T18:43:13.286Z

NVD

Status: Deferred

Published: 2026-01-23T15:16:14.897

Modified: 2026-04-23T15:36:50.600

Link: CVE-2026-24570

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T01:45:20Z

Weaknesses