CVE-2025-31845: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the WordPress Theme Duplicator plugin developed by Rohit Choudhary. The vulnerability affects versions through 1.1 of the Theme Duplicator plugin. This security issue was discovered by Abdi Pranata and was officially published on April 1, 2025 (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with low impact on integrity and no impact on confidentiality or availability (NVD, Patchstack).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered low, and the vulnerability is unlikely to be exploited effectively (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects Theme Duplicator plugin versions up to 1.1, and no patched version has been released (Patchstack).