4 matches found
CVE-2025-1326
creationtimestamp| type| source ---|---|--- 2025-05-02 04:15:41+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14429 2025-05-02 07:19:04+00:00| seen| https://bsky.app/profile/FunctionalProgramming.activitypub.awakari.com.ap.brid.gy/post/3lo6baa6gafd2 2025-05-02 07:34:43+00:00| seen|...
CVE-2025-1326 Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post Deletion
The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homeyreservationdel function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete...
CVE-2025-1326 Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post Deletion
The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homeyreservationdel function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete...
WordPress Homey Theme <= 2.4.4 is vulnerable to Broken Access Control
Software Homey Type Theme Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-1326 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f04df5696a52 Credits a00n Required privilege Subscriber...