Description
Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.
Published: 2026-06-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Brikk theme for WordPress, versions 3.0.0 and all earlier releases, contains a missing authorization check that allows any authenticated subscriber to delete arbitrary content. The flaw can be exercised through the theme’s content‑management interface, removing posts, pages or other user‑generated material and compromising the integrity of the site’s data.

Affected Systems

The vulnerability affects the Utillz Brikk WordPress theme for all releases up to and including 3.0.0. WordPress sites that have installed any of these versions are susceptible.

Risk and Exploitability

The CVSS score of 7.5 indicates moderate‑to‑high severity, while the EPSS score of less than 1 % suggests a low but non‑zero likelihood of exploitation in the near term; it is not listed in CISA KEV. The exploit requires an authenticated subscriber account and the ability to invoke the deletion functionality via the theme’s management UI; no elevated privileges or remote network access are needed. Based on the description, it is inferred that the most likely attack vector is the WordPress admin interface where the user can trigger content deletion.

Generated by OpenCVE AI on June 17, 2026 at 20:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Brikk theme to a version newer than 3.0.0 that contains the fix.
  • Remove the delete capability from the subscriber role using the WordPress role editor or by applying a least‑privilege policy.
  • Block or filter the delete endpoint for non‑admin users with a security plugin or firewall rule to mitigate the risk while awaiting a patch.
  • Monitor the site’s content for unexplained deletions and review logs for suspicious activity.

Generated by OpenCVE AI on June 17, 2026 at 20:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Utillz
Utillz brikk
Wordpress
Wordpress wordpress
Vendors & Products Utillz
Utillz brikk
Wordpress
Wordpress wordpress

Fri, 19 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Description Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.
Title WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T10:53:55.108Z

Reserved: 2025-12-29T11:19:21.661Z

Link: CVE-2025-69103

cve-icon Vulnrichment

Updated: 2026-06-17T10:53:49.393Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:04:30Z

Weaknesses