WordPress Edwiser Bridge plugin <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check vulnerability

Authentication Bypass due to Missing Empty Value Check vulnerability discovered by István Márton in WordPress Plugin Edwiser Bridge versions = 3.0.5...

Cross site request forgery (csrf)

The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6. This is due to missing or incorrect nonce validation on the userdatasynchronizationinitiater, coursesynchronizationinitiater, userslinktomoodlesynchronization,...