39 matches found
WordPress bunny.net plugin <= 2.3.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin bunny.net versions <= 2.3.6...
CVE-2025-14947
The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_create_bunny_stream_video, ajax_callback_get_bunny_stream_video, and ajax_callback_delete_bunny_stream_video functions in all versions up to, and including,...
CVE-2025-14947
The CVE-2025-14947 entry concerns the All-in-One Video Gallery WordPress plugin (versions up to 4.6.4). The vulnerability is a missing capability check in ajax_callback_create_bunny_stream_video, ajax_callback_get_bunny_stream_video, and ajax_callback_delete_bunny_stream_video, allowing unauthent...
CVE-2025-14947 All-in-One Video Gallery <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion
The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_create_bunny_stream_video, ajax_callback_get_bunny_stream_video, and ajax_callback_delete_bunny_stream_video functions in all versions up to, and including,...
WordPress All-in-One Video Gallery plugin <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion vulnerability
Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion vulnerability discovered by andrea bocchetti in WordPress Plugin All-in-One Video Gallery versions <= 4.6.4...
WordPress plugin All-in-One Video Gallery has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-4521
Name of the Vulnerable Software and Affected Versions All-in-One Video Gallery plugin for WordPress versions through 4.6.4 Description The All-in-One Video Gallery plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check on the ajax callback crea...
EUVD-2014-5594
Malware in sbrugna...
CVE-2025-59418
BunnyPad is a note taking software. Prior to version 11.0.27000.0915, opening files greater than or equal to 20MB causes buffer overflow to occur. This issue has been patched in version 11.0.27000.0915. Users who wish not to upgrade should refrain from opening files larger than 10MB...
Rapid7 Q2 2025 Incident Response Findings
Rapid7’s Q2 incident response (IR) data illustrates a solidification of trends first observed in Q1. There are no sweeping changes to commonly observed malware, or noticeably different software being deployed by threat actors in Q2. If you were expecting Bunny Loader to lose its impressive...
CVE-2025-5925
The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcssoptionssubpanel function. This makes it possible for unauthenticated attackers to update settings via ...
PT-2024-24006 · Bunny.Net · Bunny.Net
Name of the Vulnerable Software and Affected Versions: bunny.Net versions n/a through 2.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicio...
WordPress bunny.net plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin bunny.net versions <= 2.0.1...
BlueBunny - BLE Based C2 For Hak5's Bash Bunny
C2 solution that communicates directly over Bluetooth-Low-Energy with your Bash Bunny Mark II. Send your Bash Bunny all the instructions it needs just over the air. Overview Structure Installation & Start 1. Install required dependencies pip install pygatt "pygatt[GATTTOOL]" Make sure BlueZ is...
Malicious code in bunny-v2 (npm)
Source: ghsa-malware fdb56dc2493b19a12946344c0395bfb3851aac9a4b34e57f3b5cdb1ab9653e48 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1729 Malicious code in bunny-v2 (npm)
Source: ghsa-malware fdb56dc2493b19a12946344c0395bfb3851aac9a4b34e57f3b5cdb1ab9653e48 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bunny-v3 (npm)
Source: ghsa-malware d3066f0d68cfac3896910ac4182cb9d8512b61acff3ce7ab86805e49807282ff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...