26 matches found
CVE-2025-1327
The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homey_delete_user_account' action due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level access...
EUVD-2025-6223
Malicious code in bioql PyPI...
EUVD-2025-6222
Malicious code in bioql PyPI...
EUVD-2024-54002
Malicious code in bioql PyPI...
CVE-2025-52834 WordPress Homey theme <= 2.4.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in favethemes Homey homey allows SQL Injection. This issue affects Homey: from n/a through <= 2.4.7...
CVE-2025-52834 WordPress Homey theme <= 2.4.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in favethemes Homey allows SQL Injection. This issue affects Homey: from n/a through 2.4.5...
CVE-2025-1326 Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post Deletion
The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homey_reservation_del function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete...
CVE-2025-1326
CVE-2025-1326 affects the Homey WordPress theme (versions up to 2.4.4). Root cause: missing capability check in the function homey_reservation_del(), enabling authenticated attackers with Subscriber-level access and above to delete arbitrary reservations and posts. Impact: unauthorized modificati...
CVE-2025-1327
CVE-2025-1327 affects the Homey WordPress theme (versions ≤ 2.4.4). The vulnerability is an Insecure Direct Object Reference via the homey_delete_user_account action, caused by missing validation on a user-controlled key. This allows authenticated attackers with Subscriber-level access or higher ...
CVE-2025-1327 Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion
The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homey_delete_user_account' action due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level access...
PT-2025-18755 · WordPress · Homey
Name of the Vulnerable Software and Affected Versions: Homey theme for WordPress versions prior to 2.4.5. Description: The issue allows authenticated attackers with Subscriber-level access and above to delete arbitrary reservations and posts due to a missing capability check on the homey reservati...
WordPress Homey Theme <= 2.4.4 is vulnerable to Broken Access Control
Software: Homey. Type: Theme. Vulnerable versions: <= 2.4.4. Fixed in: 2.4.5. OWASP Top 10: A5: Broken Access Control. Classification: Broken Access Control. CVE: CVE-2025-1326. Patch priority: Low. CVSS severity: Low (4.3). PSID: f04df5696a52. Credits: a00n. Required privilege: Subscriber...
CVE-2024-51800 WordPress Homey theme <= 2.4.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation. This issue affects Homey: from n/a through 2.4.1...
CVE-2025-0748
The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. This is due to missing or incorrect nonce validation on the 'homey_verify_user_manually' function. This makes it possible for unauthenticated attackers to verify a user via a...
CVE-2025-0749
The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verificationid' value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers t...
CVE-2025-0748
CVE-2025-0748 refers to the Homey WordPress theme vulnerability. The Homey theme (WordPress) versions up to and including 2.4.3 are exposed to a Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the homey_verify_user_manually function. This allows unauthenticated atta...
CVE-2025-0748 Homey <= 2.4.3 - Cross-Site Request Forgery to User Verification
The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. This is due to missing or incorrect nonce validation on the 'homey_verify_user_manually' function. This makes it possible for unauthenticated attackers to verify a user via a...