Impact
The Brikk theme for WordPress, versions 3.0.0 and all earlier releases, contains a missing authorization check that allows any authenticated subscriber to delete arbitrary content. The flaw can be exercised through the theme’s content‑management interface, removing posts, pages or other user‑generated material and compromising the integrity of the site’s data.
Affected Systems
The vulnerability affects the Utillz Brikk WordPress theme for all releases up to and including 3.0.0. WordPress sites that have installed any of these versions are susceptible.
Risk and Exploitability
The CVSS score of 7.5 indicates moderate‑to‑high severity, while the EPSS score of less than 1 % suggests a low but non‑zero likelihood of exploitation in the near term; it is not listed in CISA KEV. The exploit requires an authenticated subscriber account and the ability to invoke the deletion functionality via the theme’s management UI; no elevated privileges or remote network access are needed. Based on the description, it is inferred that the most likely attack vector is the WordPress admin interface where the user can trigger content deletion.
OpenCVE Enrichment