CVE-2025-5925
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-06-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Bunny's Print CSS WordPress plugin (up to version 0.95). It occurs because the plugin's function pcss_options_subpanel() lacks proper nonce validation, which is a security measure to verify that requests are legitimate. As a result, an attacker can trick a site administrator into performing an unwanted action, such as updating plugin settings, by making them click on a malicious link without their knowledge.
How can this vulnerability impact me? :
This vulnerability allows unauthenticated attackers to modify the plugin's settings by exploiting the administrator's session through a forged request. Specifically, an attacker could change the print.css file contents or other plugin options without authorization, potentially altering the website's appearance or behavior. Although it does not directly lead to data theft or site takeover, it can cause unauthorized changes that may affect site integrity or user trust. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the WordPress site is running the Bunny's Print CSS plugin version 0.95 or earlier and if the admin panel for editing print.css is accessible without proper nonce validation. Since the vulnerability involves Cross-Site Request Forgery due to missing or incorrect nonce validation on the pcss_options_subpanel() function, detection involves verifying the presence of this plugin and its version. There are no specific network commands provided in the resources to detect exploitation attempts. However, you can check for the presence of the plugin files and version via WordPress plugin management commands or by inspecting the plugin directory. Additionally, monitoring HTTP POST requests to the admin submenu page related to print.css editing for suspicious or unauthorized changes could help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or removing the Bunny's Print CSS plugin if it is not essential, or restricting access to the plugin's admin panel to trusted administrators only. Since the vulnerability is due to missing or incorrect nonce validation, applying a patch or update that adds proper nonce checks to the pcss_options_subpanel() function is recommended once available. Until then, ensure that site administrators are cautious about clicking on untrusted links that could trigger forged requests. Additionally, monitoring and logging admin panel activities related to the print.css editing can help detect any unauthorized changes. [1]