CVE-2025-28884: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress plugin WP Bulk Post Duplicator, affecting versions up to 1.2. The vulnerability was reported by Nguyen Xuan Chien on February 25, 2025, and was publicly disclosed on March 11, 2025. The issue has been assigned CVE-2025-28884 and received a CVSS v3.1 score of 4.3 (Medium) (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery). It received a CVSS v3.1 Base Score of 4.3 (Medium) with the following vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, requires user interaction, has unchanged scope, and can only impact integrity with low severity (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact is considered low severity and is unlikely to be exploited (Patchstack).

As of March 17, 2025, no official fix has been released for this vulnerability. The issue is considered low priority, and virtual patching has been deemed unnecessary by security researchers (Patchstack).