Lucene search
+L

5 matches found

Circl
Circl
added 2025/05/02 4:15 a.m.20 views

CVE-2025-1327

creationtimestamp| type| source ---|---|--- 2025-05-02 04:15:48+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14434 2025-05-02 07:34:43+00:00| seen| https://t.me/cvedetector/24319 2025-05-02 08:00:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo6e7os3vw2w...

4.3CVSS6.2AI score0.002EPSS
Exploits0References3
NVD
NVD
added 2025/05/02 4:15 a.m.23 views

CVE-2025-1327

The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homeydeleteuseraccount' action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS0.002EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/02 3:21 a.m.11 views

CVE-2025-1327 Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion

The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homeydeleteuseraccount' action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS4.4AI score0.002EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/02 3:21 a.m.24 views

CVE-2025-1327 Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion

The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homeydeleteuseraccount' action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS0.002EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/05/01 12:0 a.m.12 views

WordPress Homey Theme <= 2.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Homey Type Theme Vulnerable versions = 2.4.4 Fixed in 2.4.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Insecure Direct Object References IDOR CVE CVE-2025-1327 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d8b4f513f58e Credits a00...

4.3CVSS6.5AI score0.002EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder