CVE-2025-67964 WordPress Homey Core plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through = 2.4.3...

CVE-2025-67965 WordPress Homey Core plugin <= 2.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in favethemes Homey Core homey-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Homey Core: from n/a through = 2.4.3...

CVE-2025-31037 WordPress Homey theme <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Homey homey allows Reflected XSS.This issue affects Homey: from n/a through = 2.4.5...

CVE-2025-31037 WordPress Homey theme <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Homey homey allows Reflected XSS.This issue affects Homey: from n/a through = 2.4.5...

CVE-2025-52834

CVE-2025-52834 corresponds to an SQL Injection in the WordPress theme/favethemes Homey. The initial record confirms the vulnerability affects Homey versions n/a through 2.4.5 and classifies the flaw as an SQL injection due to improper neutralization of elements in SQL commands (high impact on con...

WordPress Homey theme <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ayoub Nouri in WordPress Theme Homey versions = 2.4.5...

WordPress Homey Theme <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Homey Type Theme Vulnerable versions = 2.4.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31037 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 23e723348628 Credits Ayoub Nouri Required privilege Unauthenticate...

WordPress Homey plugin <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Reservation & Post Deletion vulnerability discovered by a00n in WordPress Theme Homey versions = 2.4.4...

WordPress Homey Theme <= 2.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Homey Type Theme Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Insecure Direct Object References IDOR CVE CVE-2025-1327 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d8b4f513f58e Credits a00...

CVE-2024-51800

CVE-2024-51800 describes an Incorrect Privilege Assignment vulnerability in Favethemes Homey (WordPress theme/plugin) that enables Privilege Escalation. The issue affects Homey versions from an unknown start through 2.4.1. The connected Red Hat advisory and Red Hat security notes align with the C...

CVE-2024-12281

The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by...

WordPress Homey theme <= 2.4.3 - Cross-Site Request Forgery to User Verification vulnerability

Cross-Site Request Forgery to User Verification vulnerability discovered by István Márton in WordPress Theme Homey versions = 2.4.3...

WordPress Homey plugin <= 2.4.2 - Unauthenticated Privilege Escalation in homey_save_profile vulnerability

Unauthenticated Privilege Escalation in homeysaveprofile vulnerability discovered by Tonn in WordPress Theme Homey versions = 2.4.2...