PT-2021-22062 · WordPress · Nested Pages

Published 2021-08-30 · Updated 2023-12-18 · CVE-2021-38342

CVSS v3.1 8.1 High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nested Pages WordPress plugin versions <= 3.1.15

Description

The issue allows attackers to perform Cross-Site Request Forgery attacks via the npBulkAction and npBulkEdit actions, enabling them to modify posts, including trashing or purging them, changing their status, reassigning ownership, and editing metadata.

Recommendations

For Nested Pages WordPress plugin versions <= 3.1.15, update to a version greater than 3.1.15 to resolve the issue. As a temporary workaround, consider restricting access to the npBulkAction and npBulkEdit admin post actions to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2021-38342

Affected Products

Nested Pages