5 matches found
CVE-2025-1326
The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homeyreservationdel function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete...
EUVD-2025-13293
Malicious code in bioql PyPI...
EUVD-2025-13300
Malicious code in bioql PyPI...
PT-2025-18756 · WordPress · Homey
Name of the Vulnerable Software and Affected Versions: Homey theme for WordPress versions up to, and including, 2.4.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to delete other users' accounts due to missing validation on a user-controlled key in...
CVE-2025-0748
The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. This is due to missing or incorrect nonce validation on the 'homeyverifyusermanually' function. This makes it possible for unauthenticated attackers to update verify an user via a...