CVE-2025-52784: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in hideoguchi Bluff Post WordPress plugin affecting versions through 1.1.1. The vulnerability was reported on May 10, 2025, and was publicly disclosed on June 19, 2025. The issue was assigned CVE-2025-52784 and received a CVSS v3.1 base score of 7.1 (High) (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) which allows Stored XSS. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is changed, with low impact on confidentiality, integrity, and availability (Patchstack).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The software is considered abandoned as it hasn't been updated for over a year, increasing the potential security risk for users (Patchstack).

No official fix is available for this vulnerability. The recommended solution is to remove and replace the software, as it appears to be abandoned and is unlikely to receive further updates or security fixes (Patchstack).