Description
Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03.
Published: 2025-10-27
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows attackers to exploit incorrect access control levels in the Persian Admin Fonts plugin. An unauthenticated or low‑privilege user could potentially gain higher privileges or access restricted functionalities within the WordPress site, leading to unauthorized configuration changes or content manipulation.

Affected Systems

WordPress sites that have the MDZ Persian Admin Fonts plugin installed whose versions run through 4.1.03 are affected. No precise version range beyond the threshold is given, so all releases up to and including 4.1.03 are susceptible.

Risk and Exploitability

The CVSS score is 5.4, indicating moderate severity, and the EPSS score is below 1 %, suggesting a low exploitation probability at present. The vulnerability is not listed in the CISA KEV catalog. Attacks would likely be conducted remotely via the web interface of the affected WordPress site, requiring the attacker to interact with the plugin's exposed endpoints. No additional prerequisites or special conditions are noted in the available information.

Generated by OpenCVE AI on April 29, 2026 at 20:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Persian Admin Fonts plugin to version 4.1.04 or later, which contains the authorization fix.
  • Verify that only intended user roles have access to the plugin’s administrative pages and functions.
  • Enforce strict role‑based access controls and review any custom capabilities that may grant excessive privileges in the WordPress installation.

Generated by OpenCVE AI on April 29, 2026 at 20:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Thu, 13 Nov 2025 11:30:00 +0000

Type Values Removed Values Added
References

Thu, 13 Nov 2025 10:45:00 +0000

Type Values Removed Values Added
References

Mon, 27 Oct 2025 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Mon, 27 Oct 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 27 Oct 2025 02:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03.
Title WordPress Persian Admnin Fonts plugin <= 4.1.03 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:07.354Z

Reserved: 2025-10-24T14:25:13.437Z

Link: CVE-2025-62980

cve-icon Vulnrichment

Updated: 2025-10-27T15:08:46.271Z

cve-icon NVD

Status : Deferred

Published: 2025-10-27T02:15:58.807

Modified: 2026-04-27T17:16:39.540

Link: CVE-2025-62980

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T20:30:19Z

Weaknesses