46 matches found
CVE-2025-1326
The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homey_reservation_del function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete...
CVE-2025-1327
The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homeydeleteuseraccount' action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access...
EUVD-2024-54002
Malicious code in bioql PyPI...
EUVD-2025-6223
Malicious code in bioql PyPI...
EUVD-2025-13293
Malicious code in bioql PyPI...
EUVD-2025-13300
Malicious code in bioql PyPI...
EUVD-2025-6222
Malicious code in bioql PyPI...
CVE-2025-31037 WordPress Homey theme <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey homey allows Reflected XSS. This issue affects Homey: from n/a through <= 2.4.5...
CVE-2025-52834 WordPress Homey theme <= 2.4.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey allows SQL Injection. This issue affects Homey: from n/a through 2.4.5...
CVE-2025-52834
CVE-2025-52834 corresponds to an SQL Injection in the WordPress theme/favethemes Homey. The initial record confirms the vulnerability affects Homey versions n/a through 2.4.5 and classifies the flaw as an SQL injection due to improper neutralization of elements in SQL commands (high impact on con...
CVE-2025-52834 WordPress Homey theme <= 2.4.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey homey allows SQL Injection. This issue affects Homey: from n/a through <= 2.4.7...
WordPress Homey theme <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Ayoub Nouri in WordPress Theme Homey versions <= 2.4.5...
WordPress Homey Theme <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)
Software: Homey; Type: Theme; Vulnerable versions: <= 2.4.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-31037; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 23e723348628; Credits: Ayoub Nouri; Required privilege: Unauthenticate...
WordPress Homey theme <= 2.4.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Aiden in WordPress Theme Homey versions <= 2.4.7...
CVE-2025-1326
CVE-2025-1326 affects the Homey WordPress theme (versions up to 2.4.4). Root cause: missing capability check in the function homey_reservation_del(), enabling authenticated attackers with Subscriber-level access and above to delete arbitrary reservations and posts. Impact: unauthorized modificati...