Primary

Context

Borderless WordPress Plugin Missing Authorization Vulnerability in Icon Font Deletion

Vulnerability

Patched

A vulnerability exists in the Borderless WordPress plugin, specifically in the 'remove_zipped_font' function, all versions through 1.5.9. The issue arises from a lack of proper capability checks, allowing authenticated attackers with Subscriber-level access or higher to delete previously uploaded icon fonts. This unauthorized data loss could impact users relying on custom icon packs for their WordPress sites.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of icon fonts, leading to potential disruption of custom icon usage on the site.

Remediation

Users can update to version 1.6.0 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Borderless WordPress Plugin Missing Authorization Vulnerability in Icon Font Deletion

Vulnerability

Impact

Remediation

Affected Products

Borderless

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating