Impact
The Bard WordPress theme contains a cross-site request forgery (CSRF) flaw, classified as CWE-352. An attacker who can cause an authenticated user to unknowingly send a crafted request can trigger actions such as modifying content or settings. The vulnerability permits unauthorized changes to site data and could compromise data integrity. The flaw is present in all Bard installs from the earliest release through version 1.6, allowing the privileged action to be performed in the context of any authenticated visitor without additional authentication.
Affected Systems
Affected systems are installations of the Mikado-Themes Bard WordPress theme running version 1.6 or earlier. The theme is available as a WordPress plugin named Bard; any site running one of these versions is exposed to the CSRF vulnerability.
Risk and Exploitability
The CVSS score of 5.4 indicates moderate severity. The EPSS score of less than 1 percent indicates that the probability of exploitation is currently very low, and the vulnerability is not listed in CISA's KEV catalog. An attacker would need to target an authenticated user, typically an administrator or a user with editing rights, and induce them to visit a crafted URL or submit a form that reaches the vulnerable endpoint. Because the endpoint performs no additional verification of the request, a successful exploitation can change content or site settings.
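To show what the missing check looks like in a WordPress theme and how it is fixed, here is an added example (not Bard's own code; the advisory does not name the affected endpoint) of a settings-save handler with the CSRF-prone pattern beside its hardened form. The action name `bard_demo_save`, the option `bard_demo_settings` and the `footer_text` field are hypothetical placeholders.

```php
<?php
// Added illustration, not code from the Bard theme. Action, option and field
// names are placeholders; the real vulnerable endpoint is not named in the advisory.

// Vulnerable pattern (CWE-352): the handler only relies on the login cookie,
// so a cross-site POST issued by an authenticated admin's browser is accepted.
// (Deliberately NOT registered with add_action below.)
function bard_demo_save_vulnerable() {
    $settings = array(
        'footer_text' => sanitize_text_field( wp_unslash( $_POST['footer_text'] ?? '' ) ),
    );
    update_option( 'bard_demo_settings', $settings );
    wp_safe_redirect( admin_url( 'themes.php?page=bard-demo&saved=1' ) );
    exit;
}

// Hardened version: require a nonce bound to this action and the current user,
// then confirm the user actually holds the capability the action needs.
function bard_demo_save_hardened() {
    // check_admin_referer() validates the '_wpnonce' field (and the Referer);
    // on failure it halts with an "expired link" error, so a forged request
    // from another origin never reaches update_option().
    check_admin_referer( 'bard_demo_save' );

    // A nonce proves intent, not authorization: still enforce the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.', 'bard-demo' ), 403 );
    }

    $settings = array(
        'footer_text' => sanitize_text_field( wp_unslash( $_POST['footer_text'] ?? '' ) ),
    );
    update_option( 'bard_demo_settings', $settings );
    wp_safe_redirect( admin_url( 'themes.php?page=bard-demo&saved=1' ) );
    exit;
}
add_action( 'admin_post_bard_demo_save', 'bard_demo_save_hardened' );

// The legitimate settings form must emit the matching nonce so its own
// submissions pass the check while forged ones do not.
function bard_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="bard_demo_save">
        <?php wp_nonce_field( 'bard_demo_save' ); ?>
        <input type="text" name="footer_text">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

When auditing a theme or plugin for this class of flaw, look for every `admin_post_*`, `wp_ajax_*` or direct `$_POST` handler that calls `update_option`, `wp_update_post` or similar without a preceding `check_admin_referer()`/`wp_verify_nonce()` and a `current_user_can()` check.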
OpenCVE Enrichment