CVE-2021-4399: 
WordPress vulnerability analysis and mitigation

The Edwiser Bridge plugin for WordPress (versions up to and including 2.0.6) contains a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2021-4399. The vulnerability was discovered and disclosed on June 28, 2021, with the last update to the CVE record on July 1, 2023 (NVD, Wordfence).

The vulnerability stems from missing or incorrect nonce validation in multiple functions including userdatasynchronizationinitiater(), coursesynchronizationinitiater(), userslinktomoodlesynchronization(), connectiontestinitiater(), adminmenus(), and subscribe_handler(). The vulnerability has received varying CVSS scores, with the NVD assigning a CVSS 3.1 Base Score of 8.8 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Wordfence assessed it at 4.3 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

The vulnerability allows unauthenticated attackers to perform unauthorized actions by tricking site administrators into performing actions such as clicking on malicious links. This could potentially lead to unauthorized data access and system modifications (NVD).

The vulnerability has been patched in versions after 2.0.6. Users are advised to update to the latest version of the Edwiser Bridge plugin to mitigate this security risk (Wordfence).