
CVE-2025-5925: CWE-352 Cross-Site Request Forgery (CSRF) in steph Bunny’s Print CSS

Medium
Tags: Vulnerability | CVE-2025-5925 | cve | cve-2025-5925 | cwe-352
Published: Tue Jun 10 2025 (06/10/2025, 03:41:37 UTC)
Source: CVE Database V5
Vendor/Project: steph
Product: Bunny’s Print CSS

Description

The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

AI-Powered Analysis

Last updated: 07/11/2025, 02:17:16 UTC

Technical Analysis

CVE-2025-5925 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Bunny’s Print CSS plugin for WordPress, specifically all versions up to and including 0.95. The vulnerability arises due to missing or incorrect nonce validation in the pcss_options_subpanel() function, which is responsible for handling plugin settings updates. Nonces in WordPress are security tokens used to verify the legitimacy of requests and prevent unauthorized actions. The absence or improper implementation of nonce validation allows an attacker to craft a malicious request that, if executed by an authenticated site administrator (e.g., by clicking a link or visiting a malicious page), can update the plugin’s settings without the administrator’s explicit consent. This type of attack does not require the attacker to be authenticated themselves but relies on tricking a privileged user into performing an action. The CVSS 3.1 base score of 4.3 reflects a medium severity, indicating limited impact primarily on the integrity of the plugin’s configuration, with no direct impact on confidentiality or availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability is typical of CSRF issues where state-changing operations lack proper request validation, making it a significant concern for WordPress sites using this plugin, especially those with multiple administrators or users with elevated privileges.
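The pattern the analysis describes, as an added example that is not the plugin's own code: a WordPress settings subpanel handler that accepts a POST and writes an option with no nonce validation, followed by the hardened version that checks the user's capability and verifies a nonce bound to the form. All function, option and action names (`example_*`, `manage_options` aside) are placeholders, not the real plugin's identifiers.

```php
<?php
// Added example, not code from the Bunny's Print CSS plugin.
// Names prefixed example_ are assumptions chosen for illustration.

// --- Vulnerable shape: state change on POST with no request-origin check ---
function example_options_subpanel_vulnerable() {
    if ( ! empty( $_POST['example_css'] ) ) {
        // Every POST reaching this admin page is trusted, so a form submitted
        // from another site by a logged-in administrator's browser is enough
        // to overwrite the setting (this is what CWE-352 describes).
        update_option( 'example_css', wp_kses_post( wp_unslash( $_POST['example_css'] ) ) );
    }
    example_render_form();
}

// --- Hardened shape: capability check plus nonce verification ---
function example_options_subpanel_hardened() {
    if ( ! empty( $_POST['example_css'] ) ) {
        // 1. Only users allowed to manage options may change settings.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( esc_html__( 'Insufficient permissions.', 'example' ), 403 );
        }
        // 2. The request must carry a nonce for this action, tied to the
        //    current user's session. check_admin_referer() stops the request
        //    with a "link has expired" page if the nonce is absent or invalid.
        check_admin_referer( 'example_save_css', 'example_nonce' );

        update_option( 'example_css', wp_kses_post( wp_unslash( $_POST['example_css'] ) ) );
        add_settings_error( 'example', 'saved', __( 'Settings saved.', 'example' ), 'updated' );
    }
    example_render_form();
}

function example_render_form() {
    ?>
    <form method="post" action="">
        <?php
        // Emits a hidden input named example_nonce containing a nonce for
        // the 'example_save_css' action; the hardened handler verifies it.
        wp_nonce_field( 'example_save_css', 'example_nonce' );
        ?>
        <textarea name="example_css"><?php echo esc_textarea( get_option( 'example_css', '' ) ); ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}

// Register the hardened handler as a page under Settings.
add_action( 'admin_menu', function () {
    add_options_page(
        'Print CSS', 'Print CSS', 'manage_options',
        'example-print-css', 'example_options_subpanel_hardened'
    );
} );
```

The capability check and the nonce check address different things: `current_user_can()` confirms the logged-in user is allowed to change settings, while `check_admin_referer()` confirms the request was produced by a form this site rendered for that user rather than by a page elsewhere. A handler that has only the first check is exactly the condition the advisory reports.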

Potential Impact

For European organizations using WordPress sites with the Bunny’s Print CSS plugin, this vulnerability poses a risk of unauthorized modification of plugin settings, which could lead to misconfigurations affecting site behavior or appearance. While it does not directly compromise sensitive data or availability, altered settings could be leveraged as a foothold for further attacks or to degrade user experience. Organizations with multiple administrators or editors are particularly vulnerable since the attack requires tricking an authenticated user with sufficient privileges. This could affect corporate websites, e-commerce platforms, or content portals, potentially damaging reputation or causing operational disruptions. Given the widespread use of WordPress across Europe, especially in small and medium enterprises, the vulnerability could be exploited in targeted phishing campaigns. However, the lack of known exploits and the medium severity suggest the immediate risk is moderate but should not be ignored.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should first verify if they use the Bunny’s Print CSS plugin and identify the version in use. Immediate steps include:

1) Restrict administrative access to trusted personnel and enforce strong authentication mechanisms to reduce the risk of successful CSRF exploitation.
2) Educate administrators about phishing and social engineering tactics to prevent them from clicking on malicious links.
3) Monitor and audit plugin settings for unexpected changes.
4) If possible, implement Web Application Firewall (WAF) rules to detect and block suspicious POST requests targeting the plugin’s settings endpoint.
5) Since no official patch is currently available, consider temporarily disabling the plugin or replacing it with alternative solutions until a secure version is released.
6) Follow up with the plugin vendor or WordPress security advisories for updates and apply patches promptly once available.
7) Employ Content Security Policy (CSP) headers to reduce the risk of malicious script execution that could facilitate CSRF attacks.
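One way to implement step 3 (monitoring plugin settings for unexpected changes), as an added example that is not part of this advisory or the plugin: a must-use plugin dropped into `wp-content/mu-plugins/` that logs every change to a watched option together with who made it and where the request claimed to come from. The option key `example_css` is a placeholder, since the page does not name the plugin's real option; substitute the actual key.

```php
<?php
// Added example (not the plugin's code). Place in wp-content/mu-plugins/.
// Watched option names are assumptions; replace with the real keys.
define( 'EXAMPLE_WATCHED_OPTIONS', array( 'example_css' ) );

add_action( 'updated_option', function ( $option, $old_value, $value ) {
    if ( ! in_array( $option, EXAMPLE_WATCHED_OPTIONS, true ) ) {
        return;
    }

    $user = wp_get_current_user();
    $login = $user && $user->exists() ? $user->user_login : '(none)';

    // A settings change whose Referer/Origin host is not this site is the
    // trace a forged cross-site request leaves; flag it for review.
    $referer  = isset( $_SERVER['HTTP_REFERER'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_REFERER'] ) ) : '';
    $origin   = isset( $_SERVER['HTTP_ORIGIN'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_ORIGIN'] ) ) : '';
    $home     = wp_parse_url( home_url(), PHP_URL_HOST );
    $src_host = wp_parse_url( $origin !== '' ? $origin : $referer, PHP_URL_HOST );
    $flag     = ( $src_host && $src_host !== $home ) ? 'CROSS-SITE' : 'ok';

    // Log digests rather than full values: CSS blobs can be large.
    error_log( sprintf(
        'settings-audit option=%s by=%s ip=%s source=%s [%s] old=%s new=%s',
        $option,
        $login,
        isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '-',
        $src_host ? $src_host : '-',
        $flag,
        substr( md5( maybe_serialize( $old_value ) ), 0, 12 ),
        substr( md5( maybe_serialize( $value ) ), 0, 12 )
    ) );

    // Optional: alert the site admin when the change looks cross-site.
    if ( 'CROSS-SITE' === $flag ) {
        wp_mail(
            get_option( 'admin_email' ),
            '[settings-audit] cross-site change to ' . $option,
            "Option {$option} was changed by {$login} from {$src_host}. Review the change."
        );
    }
}, 10, 3 );
```

The `updated_option` action only fires when the stored value actually changes, so the log stays quiet during normal operation; a line marked `CROSS-SITE`, or an entry made by an administrator who reports not having touched the settings, is the event to investigate. Browsers do not always send Referer or Origin, so an empty source is logged as unknown rather than treated as proof of a forged request.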


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-06-09T14:28:56.837Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68487f591b0bd07c3938aa54

Added to database: 6/10/2025, 6:54:17 PM

Last enriched: 7/11/2025, 2:17:16 AM

Last updated: 8/6/2025, 12:33:14 AM

