"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 5
Critical: 1
High: 1
Medium: 3
Showing 1-5 of 5 records
Threat Entry Updated 2025-05-06

CVE-2025-1327 - Homey Plugin

The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homey_delete_user_account' action due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other users' accounts.

PLUGIN Homey

CVE-2025-1327

MEDIUM CVSS 4.3 2025-05-02
Threat Entry Updated 2025-05-06

CVE-2025-1326 - Homey Plugin

The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homey_reservation_del() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary reservations and posts.

PLUGIN Homey

CVE-2025-1326

MEDIUM CVSS 4.3 2025-05-02
Threat Entry Updated 2025-03-07

CVE-2025-0749 - Homey Theme

The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is because the 'verification_id' value is set to empty and the dashboard user profile page is missing a not-empty check on it. This makes it possible for unauthenticated attackers to log in as the first verified user.

THEME Homey

CVE-2025-0749

HIGH CVSS 8.1 2025-03-07
Threat Entry Updated 2025-03-07

CVE-2025-0748 - Homey Theme

The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. This is due to missing or incorrect nonce validation on the 'homey_verify_user_manually' function. This makes it possible for unauthenticated attackers to verify a user via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

THEME Homey

CVE-2025-0748

MEDIUM CVSS 4.3 2025-03-07
Threat Entry Updated 2025-03-05

CVE-2024-12281 - Homey Theme

The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the Editor or Shop Manager role.

THEME Homey

CVE-2024-12281

CRITICAL CVSS 9.8 2025-03-05