Persian Admnin Fonts Vulnerability (Medium) – CVE-2025-62980

Feb 24, 2026 | Plugins

Attack Vectors

CVE-2025-62980 affects the Persian Admnin Fonts WordPress plugin (slug: persian-admin-fonts) in versions 4.1.03 and below. The issue is a missing authorization (capability) check on a plugin function, which means a user who is already logged in can trigger an action they should not be allowed to perform.

From a practical risk standpoint, the most relevant scenario is an environment where your site allows user accounts (even basic ones). An attacker only needs subscriber-level access (or higher)—no user interaction is required (UI:N), and the attack can be performed over the network (AV:N), making it feasible for opportunistic misuse if accounts are created easily or credentials are reused.

Security Weakness

The root cause is missing authorization: a plugin function can be reached without verifying the caller has the required WordPress capability to perform that action. This is a common class of access control flaw where the system correctly authenticates the user (they are logged in) but does not properly authorize what they are allowed to do.

Wordfence rates this vulnerability as Medium severity with a CVSS score of 4.3 (vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). The vector indicates low attack complexity and that it requires some privileges (a basic authenticated account), with impact primarily related to integrity rather than confidentiality or availability.

Technical or Business Impacts

Because the vulnerability allows an authenticated user to perform an unauthorized action, the business risk is best framed as unauthorized administrative changes that could affect site presentation, brand integrity, and internal governance—even if the vulnerability is not rated as data-exfiltration or downtime related.

For marketing and executive stakeholders, the most relevant outcomes may include: unexpected changes to site behavior or appearance tied to the plugin’s functionality, additional time spent by teams investigating “mystery changes,” and increased audit/compliance scrutiny due to weak access controls (especially if your organization must demonstrate role-based access enforcement).

Recommended remediation: update Persian Admnin Fonts to version 4.1.05 or a newer patched version. For reference, see the official CVE record at https://www.cve.org/CVERecord?id=CVE-2025-62980 and the Wordfence advisory at https://www.wordfence.com/threat-intel/vulnerabilities/id/77771c45-4a67-4c26-a679-86110459aaeb.
