WP-Safety

Edwiser Bridge – WordPress Moodle Integration Security & Risk Analysis

wordpress.org/plugins/edwiser-bridge

Edwiser Bridge integrates WordPress with Moodle LMS & provides an easy option to import and sell Moodle courses using WordPress.

5K active installs v4.3.3 PHP + WP 6.0+ Updated Feb 17, 2026
lms-integrationmoodle-wordpress-integrationsell-moodle-courseswordpress-moodle-plugin
83
B · Generally Safe
CVEs total7
Unpatched0
Last CVEJan 21, 2026
Plugin page Download
Safety Verdict

Is Edwiser Bridge – WordPress Moodle Integration Safe to Use in 2026?

Mostly Safe

Score 83/100

Edwiser Bridge – WordPress Moodle Integration is generally safe to use. 7 past CVEs were resolved. Keep it updated.

7 known CVEsLast CVE: Jan 21, 2026Updated 1mo ago
Risk Assessment

The Edwiser Bridge plugin v4.3.3 exhibits a mixed security posture. While it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output, several areas raise significant concerns. The presence of unprotected AJAX handlers and REST API routes creates potential attack vectors that could be exploited by unauthenticated users. The taint analysis revealing six high-severity flows, even without critical ones, indicates potential for serious vulnerabilities if these flows are not properly handled by application logic.

The plugin's vulnerability history is also a major red flag. With seven known CVEs, including two critical ones and a history of common vulnerability types like missing authorization, XSS, SSRF, and SQL injection, it suggests a pattern of security weaknesses. The recent critical vulnerabilities point towards ongoing issues that may not have been fully addressed. While there are currently no unpatched vulnerabilities, the historical pattern of serious flaws and the static analysis findings of unprotected entry points warrant a cautious approach.

In conclusion, while the plugin has strengths in its basic code hygiene for SQL and output handling, the numerous unprotected entry points and the concerning vulnerability history, particularly the critical vulnerabilities, significantly elevate the risk. Users should exercise extreme caution and ensure they have robust security measures in place.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API route
  • High severity taint flows
  • Two critical historical CVEs
  • Five medium historical CVEs
  • Frequent historical vulnerability types
Vulnerabilities
7

Edwiser Bridge – WordPress Moodle Integration Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
5 CVEs in 2024
2024
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
2
Medium
5

7 total CVEs

CVE-2026-24570medium · 4.3Missing Authorization

Edwiser Bridge <= 4.3.2 - Missing Authorization

Jan 21, 2026 Patched in 4.3.3 (35d)
CVE-2025-24593medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Edwiser Bridge – WordPress Moodle LMS Integration <= 3.0.8 - Reflected Cross-Site Scripting

Dec 25, 2024 Patched in 3.1.0 (62d)
CVE-2024-49311medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Edwiser Bridge <= 3.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Oct 15, 2024 Patched in 3.0.8 (31d)
CVE-2024-49312medium · 6.4Server-Side Request Forgery (SSRF)

Edwiser Bridge <= 3.0.7 - Authenticated (Subscriber+) Server-Side Request Forgery

Oct 15, 2024 Patched in 3.0.8 (31d)
CVE-2024-4186critical · 9.8Authentication Bypass Using an Alternate Path or Channel

Edwiser Bridge <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check

May 6, 2024 Patched in 3.0.6 (160d)
CVE-2024-31260critical · 9.1Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Edwiser Bridge <= 3.0.2 - Authenticated (Administrator+) SQL Injection

Apr 5, 2024 Patched in 3.0.4 (7d)
CVE-2021-4399medium · 4.3Cross-Site Request Forgery (CSRF)

Edwiser Bridge <= 2.0.6 - Cross-Site Request Forgery Bypass

Jun 28, 2021 Patched in 2.0.7 (939d)
Code Analysis
Analyzed Mar 16, 2026

Edwiser Bridge – WordPress Moodle Integration Code Analysis

Dangerous Functions
0
Raw SQL Queries
11
68 prepared
Unescaped Output
89
1581 escaped
Nonce Checks
87
Capability Checks
26
File Operations
18
External Requests
26
Bundled Libraries
2

Bundled Libraries

Select2TinyMCE

SQL Query Safety

86% prepared79 total queries

Output Escaping

95% escaped1670 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

25 flows11 with unsanitized paths
<class-eb-admin-settings> (admin\class-eb-admin-settings.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Edwiser Bridge – WordPress Moodle Integration Attack Surface

Entry Points13
Unprotected4

AJAX Handlers 10

authwp_ajax_eb_setup_change_stepadmin\setup-wizard\class-eb-setup-wizard-functions.php:43
authwp_ajax_eb_setup_course_syncadmin\setup-wizard\class-eb-setup-wizard-functions.php:44
authwp_ajax_eb_setup_close_setupadmin\setup-wizard\class-eb-setup-wizard-functions.php:45
authwp_ajax_eb_setup_save_and_continueadmin\setup-wizard\class-eb-setup-wizard-functions.php:46
authwp_ajax_eb_setup_test_connectionadmin\setup-wizard\class-eb-setup-wizard-functions.php:47
authwp_ajax_eb_setup_manage_licenseadmin\setup-wizard\class-eb-setup-wizard-functions.php:48
authwp_ajax_eb_setup_validate_licenseadmin\setup-wizard\class-eb-setup-wizard-functions.php:49
authwp_ajax_modular_analytics_deactivation_feedbackedwiser-bridge.php:217
authwp_ajax_modular_analytics_dismiss_feedbackedwiser-bridge.php:218
authwp_ajax_eb_get_order_detailsincludes\class-eb-blocks.php:22

REST API Routes 1

GET/wp-json/edwiser-bridge/wisdmlabs/includes\api\class-eb-external-api-endpoint.php:25

Shortcodes 2

[eb_payment_buttons] includes\payments\class-eb-payment-manager.php:25
[paypal] includes\payments\enhanced-paypal-shortcodes.php:967
WordPress Hooks 69
actionadmin_menuadmin\class-eb-admin-menus.php:30
actionadmin_menuadmin\class-eb-admin-menus.php:31
actionadmin_menuadmin\class-eb-admin-menus.php:32
actionadmin_menuadmin\class-eb-admin-menus.php:33
actionadmin_footeradmin\class-eb-admin-menus.php:34
actioneb_settings_footeradmin\class-eb-admin.php:259
actioneb_settings_headeradmin\class-eb-admin.php:261
filtermce_external_pluginsadmin\class-eb-email-template.php:28
filtereb_email_templates_listadmin\class-eb-email-template.php:32
filtereb_email_template_constantadmin\class-eb-email-template.php:33
filterwp_mail_from_nameadmin\class-eb-email-template.php:34
filterwp_mail_content_typeadmin\class-eb-email-template.php:618
filtermanage_users_columnsadmin\class-eb-moodle-link-unlink.php:26
filtermanage_users_custom_columnadmin\class-eb-moodle-link-unlink.php:27
filtereb_license_setting_messagesadmin\licensing\class-eb-licensing-manager.php:82
filtereb_settings_tabs_arrayadmin\licensing\class-licensing-settings.php:53
filtereb_settings_tabs_arrayadmin\settings\class-eb-bridge-summary.php:39
filtereb_settings_tabs_arrayadmin\settings\class-eb-error-log.php:32
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-connection.php:31
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-dummy.php:101
filtereb_get_sections_synchronizationadmin\settings\class-eb-settings-dummy.php:103
filtereb_get_settings_synchronizationadmin\settings\class-eb-settings-dummy.php:104
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-dummy.php:227
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-dummy.php:338
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-dummy.php:459
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-general.php:32
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-help.php:32
actionadmin_action_eb_helpadmin\settings\class-eb-settings-help.php:33
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-licensing.php:40
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-other-plugins.php:41
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-page.php:42
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-paypal.php:32
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-pro-featuers.php:89
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-shortcode-doc.php:32
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-synchronization.php:32
filtereb_settings_tabs_arrayadmin\settings\class-eb-settings-templates.php:41
actionadmin_initadmin\setup-wizard\class-eb-setup-wizard-functions.php:33
actionadmin_initadmin\setup-wizard\class-eb-setup-wizard-functions.php:34
actionadmin_menuadmin\setup-wizard\class-eb-setup-wizard-functions.php:35
actionadmin_enqueue_scriptsadmin\setup-wizard\class-eb-setup-wizard-functions.php:36
actionadmin_initadmin\setup-wizard\class-eb-setup-wizard-functions.php:40
filtereb_send_new_user_email_on_user_syncadmin\setup-wizard\class-eb-setup-wizard-functions.php:42
filterplugin_row_metaedwiser-bridge.php:98
actionadmin_initedwiser-bridge.php:131
actionplugins_loadededwiser-bridge.php:215
actionadmin_initincludes\analytics\class-modular-analytics.php:30
actionadmin_enqueue_scriptsincludes\analytics\class-modular-analytics.php:31
actionadmin_footerincludes\analytics\class-modular-analytics.php:32
actionadmin_noticesincludes\analytics\class-modular-analytics.php:104
actionadmin_post_modular_analytics_consentincludes\analytics\class-modular-analytics.php:249
actionrest_api_initincludes\api\class-eb-blocks-course-api.php:20
actionrest_api_initincludes\api\class-eb-blocks-my-courses-api.php:38
filterrest_authentication_errorsincludes\api\class-eb-blocks-my-courses-api.php:39
actionrest_api_initincludes\api\class-eb-blocks-user-account-api.php:21
filterrest_authentication_errorsincludes\api\class-eb-blocks-user-account-api.php:22
actionadmin_enqueue_scriptsincludes\class-eb-admin-notice-handler.php:665
actionadmin_footerincludes\class-eb-admin-notice-handler.php:667
actionadmin_enqueue_scriptsincludes\class-eb-admin-notice-handler.php:832
actionadmin_footerincludes\class-eb-admin-notice-handler.php:833
actioninitincludes\class-eb-blocks.php:11
actionwp_enqueue_scriptsincludes\class-eb-blocks.php:12
actionwp_enqueue_scriptsincludes\class-eb-blocks.php:13
actionwp_enqueue_scriptsincludes\class-eb-blocks.php:14
filtershould_load_separate_core_block_assetsincludes\class-eb-blocks.php:16
filterblock_type_metadata_settingsincludes\class-eb-blocks.php:17
filterblock_categories_allincludes\class-eb-blocks.php:18
actionwp_after_insert_postincludes\class-eb-blocks.php:19
filterdisplay_post_statesincludes\class-eb.php:609
actiontemplate_redirectincludes\class-eb.php:1378

Scheduled Events 1

eb_monthly_usage_tracking
Maintenance & Trust

Edwiser Bridge – WordPress Moodle Integration Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 17, 2026
PHP min version
Downloads201K

Community Trust

Rating90/100
Number of ratings82
Active installs5K
Alternatives

Edwiser Bridge – WordPress Moodle Integration Alternatives

MooWoodle – WordPress Moodle LMS Integration, Sell Moodle Courses via WooCommerce

MooWoodle – WordPress Moodle LMS Integration, Sell Moodle Courses via WooCommerce

moowoodle

A
98

Moodle LMS integration with WordPress to sell Moodle courses through WooCommerce and automate student enrollment.

800 1 CVE
Developer Profile

Edwiser Bridge – WordPress Moodle Integration Developer Profile

WisdmLabs

7 plugins · 15K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
147 days
View full developer profile
Detection Fingerprints

How We Detect Edwiser Bridge – WordPress Moodle Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/edwiser-bridge/assets/css/backend/eb-admin-styles.css/wp-content/plugins/edwiser-bridge/assets/css/frontend/courses-grid.css/wp-content/plugins/edwiser-bridge/assets/css/frontend/courses-list.css/wp-content/plugins/edwiser-bridge/assets/css/frontend/edwiser-bridge-frontend.css/wp-content/plugins/edwiser-bridge/assets/css/frontend/my-courses.css/wp-content/plugins/edwiser-bridge/assets/css/frontend/themes/edwiser-bridge-theme-a.css/wp-content/plugins/edwiser-bridge/assets/css/frontend/themes/edwiser-bridge-theme-b.css/wp-content/plugins/edwiser-bridge/assets/css/frontend/themes/edwiser-bridge-theme-c.css+8 more
Script Paths
/wp-content/plugins/edwiser-bridge/includes/api/class-eb-external-api-endpoint.php/wp-content/plugins/edwiser-bridge/includes/analytics/class-modular-analytics.php/wp-content/plugins/edwiser-bridge/includes/class-eb-blocks.php
Version Parameters
edwiser-bridge/assets/css/backend/eb-admin-styles.css?ver=edwiser-bridge/assets/css/frontend/courses-grid.css?ver=edwiser-bridge/assets/css/frontend/courses-list.css?ver=edwiser-bridge/assets/css/frontend/edwiser-bridge-frontend.css?ver=edwiser-bridge/assets/css/frontend/my-courses.css?ver=edwiser-bridge/assets/css/frontend/themes/edwiser-bridge-theme-a.css?ver=edwiser-bridge/assets/css/frontend/themes/edwiser-bridge-theme-b.css?ver=edwiser-bridge/assets/css/frontend/themes/edwiser-bridge-theme-c.css?ver=edwiser-bridge/assets/js/admin/eb-admin-script.js?ver=edwiser-bridge/assets/js/admin/eb-settings.js?ver=edwiser-bridge/assets/js/frontend/courses-carousel.js?ver=edwiser-bridge/assets/js/frontend/edwiser-bridge-frontend.js?ver=edwiser-bridge/assets/js/frontend/my-courses.js?ver=edwiser-bridge/assets/js/frontend/themes/edwiser-bridge-theme-a.js?ver=edwiser-bridge/assets/js/frontend/themes/edwiser-bridge-theme-b.js?ver=edwiser-bridge/assets/js/frontend/themes/edwiser-bridge-theme-c.js?ver=

HTML / DOM Fingerprints

CSS Classes
eb-settings-wrappereb-page-titleeb-admin-sectioneb-course-grid-itemeb-course-list-itemeb-my-courses-list
HTML Comments
<!-- Edwiser Bridge CSS files--><!-- Edwiser Bridge JS files--><!-- Edwiser Bridge Course Carousel --><!-- Edwiser Bridge Frontend Script -->+1 more
Data Attributes
data-plugin-name='Edwiser Bridge'data-plugin-version='4.3.3'data-course-iddata-user-iddata-moodle-urldata-moodle-course-id
JS Globals
EdwiserBridgeFrontendEB_FRONTEND_PARAMSEB_ADMIN_PARAMSeb_settings_params
REST Endpoints
/wp-json/edwiser-bridge/v1/courses/wp-json/edwiser-bridge/v1/course//wp-json/edwiser-bridge/v1/user-courses/
Shortcode Output
[eb_course_grid][eb_course_list][eb_my_courses][eb_login_form]
FAQ

Frequently Asked Questions about Edwiser Bridge – WordPress Moodle Integration