CVE-2025-64368 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Mikado-Themes Bard WordPress plugin, affecting versions up to 1.6. The vulnerability allows attackers to induce authenticated users to perform unintended actions via crafted requests. The CVSS 3.1 base score is 5.4, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, low integrity impact, and low availability impact. No patch or vendor advisory is currently available, and no known exploits have been reported. The plugin is not a cloud service, so remediation depends on updates from the vendor or user-applied mitigations.

The vulnerability can lead to limited integrity and availability impacts by enabling attackers to perform unauthorized actions through CSRF attacks against authenticated users of the Bard plugin. Confidentiality is not affected. The medium CVSS score reflects these limited impacts. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider applying general CSRF mitigations such as disabling or restricting the plugin if feasible, or limiting user privileges to reduce risk. Monitor the vendor's channels for updates and apply patches promptly once available.