Skip to main content

Bunny Net

1 CVEs product

Monthly

CVE-2025-68049 MEDIUM This Month

Broken Access Control in the bunny.net WordPress plugin (versions ≤ 2.3.6) enables subscriber-level authenticated users to invoke functionality restricted to higher-privileged roles, such as administrators. The root cause is CWE-862 (Missing Authorization) - the plugin fails to verify whether the authenticated requestor holds sufficient privileges before executing sensitive operations. Reported by Patchstack, this is a medium-severity finding (CVSS 6.3); no public exploit code and no CISA KEV listing have been identified at time of analysis, though the low barrier of a standard subscriber account on any affected WordPress site makes it noteworthy for multi-tenant or membership-based deployments.

Authentication Bypass Bunny Net
NVD
CVSS 3.1
6.3
EPSS
0.2%
EPSS 0% CVSS 6.3
MEDIUM This Month

Broken Access Control in the bunny.net WordPress plugin (versions ≤ 2.3.6) enables subscriber-level authenticated users to invoke functionality restricted to higher-privileged roles, such as administrators. The root cause is CWE-862 (Missing Authorization) - the plugin fails to verify whether the authenticated requestor holds sufficient privileges before executing sensitive operations. Reported by Patchstack, this is a medium-severity finding (CVSS 6.3); no public exploit code and no CISA KEV listing have been identified at time of analysis, though the low barrier of a standard subscriber account on any affected WordPress site makes it noteworthy for multi-tenant or membership-based deployments.

Authentication Bypass Bunny Net
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy