5 matches found
CVE-2025-1327
creationtimestamp| type| source ---|---|--- 2025-05-02 04:15:48+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14434 2025-05-02 07:34:43+00:00| seen| https://t.me/cvedetector/24319 2025-05-02 08:00:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo6e7os3vw2w...
CVE-2025-1327
The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homeydeleteuseraccount' action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2025-1327 Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion
The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homeydeleteuseraccount' action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2025-1327 Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion
The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homeydeleteuseraccount' action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access...
WordPress Homey Theme <= 2.4.4 is vulnerable to Insecure Direct Object References (IDOR)
Software Homey Type Theme Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Insecure Direct Object References IDOR CVE CVE-2025-1327 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d8b4f513f58e Credits a00...