Arbitrary Page Creation via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Daniel Ruf in the WordPress Bulk Page Creator plugin (versions <= 1.1.3).
Update the WordPress Bulk Page Creator plugin to the latest available version (at least 1.1.4).