CVE Details
Basic Information
| Title | Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update |
|---|---|
| Type | cve |
| Published | 2025-06-10T03:41:37.078Z |
| Last Seen |
Product Information
| Vendor | steph |
|---|---|
| Product | Bunny’s Print CSS |
| Version | * |
CVSS Information
| Base Score | 4.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 0.95. This vulnerability allows unauthenticated attackers to update plugin settings by tricking an administrator into performing a malicious action, such as clicking a link. The issue arises from missing or incorrect nonce validation in the `pcss_options_subpanel()` function. |
|---|---|
| AI Severity | Medium |
| Vendor | WordPress Community |
| Product | Bunny’s Print CSS |
| Affected Version | <= 0.95 |
Affected Products
- steph Bunny’s Print CSS *
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-352 |
| Bulletin Family |
References
Description
The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.