CVE-2025-69103
Deferred - Pending Action
Subscriber Arbitrary Content Deletion in Brikk

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.
Affected Vendors & Products
Vendor Product Version / Range
patchstack brikk to 3.0.0 (inc)
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

The WordPress Brikk Theme, versions 3.0.0 and below, contains a high priority vulnerability known as Arbitrary Content Deletion.

This vulnerability allows malicious actors who have Subscriber-level access to delete content such as posts, pages, or images from a website.

It has a CVSS severity score of 7.5, indicating a high risk, and is expected to be targeted in mass-exploit campaigns affecting many websites.

Impact Analysis

If exploited, this vulnerability can lead to the deletion of important website content including posts, pages, and images.

Such content loss can disrupt website operations, damage reputation, and cause data loss.

Because the vulnerability can be exploited by users with only Subscriber-level access, it poses a significant risk even from low-privileged attackers.

Detection Guidance

This vulnerability affects the WordPress Brikk Theme versions 3.0.0 and below, allowing Subscriber-level users to delete arbitrary content. Detection involves monitoring for unusual content deletions such as posts, pages, or images being removed without proper authorization.

Since the vulnerability is exploited via web requests, network detection can focus on identifying suspicious HTTP requests that attempt to delete content. Using web server logs or intrusion detection systems to look for unusual POST or DELETE requests targeting content management endpoints related to the Brikk theme may help.

No specific commands are provided in the available resources, but general approaches include:

  • Review web server access logs for suspicious requests from Subscriber-level accounts.
  • Use WordPress audit or activity log plugins to track content deletions and identify if Subscriber roles are performing unauthorized deletions.
  • Employ network monitoring tools to detect abnormal HTTP DELETE or POST requests targeting the Brikk theme endpoints.

Mitigation Strategies

Immediate mitigation steps include applying the Patchstack mitigation rule designed to block attacks exploiting this vulnerability until an official patch is released.

Other recommended actions are:

  • Update the Brikk theme to a version higher than 3.0.0 once available.
  • Seek assistance from your hosting provider or a web developer to implement temporary protections.
  • Use automated vulnerability mitigation tools provided by Patchstack to keep your website secure.

Compliance Impact

The provided information does not specify how the vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
