CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

May 2, 2025

CVE ID : CVE-2025-1327

Published : May 2, 2025, 4:15 a.m. | 3 hours, 5 minutes ago

Description : The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the ‘homey_delete_user_account’ action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user’s accounts.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1326 – Homey WordPress Missing Capability Check Data Deletion Vulnerability

Next Article CVE-2024-13419 – WordPress Smart Framework Stored Cross-Site Scripting

Highlights

CVE-2025-4659 – Salesforce WordPress Plugin Full Path Disclosure Vulnerability

May 30, 2025

CVE ID : CVE-2025-4659

Published : May 30, 2025, 6:15 a.m. | 3 hours, 21 minutes ago

Description : The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-6280 – TransformerOptimus SuperAGI EmailToolKit Path Traversal Vulnerability

Lightweight signals inspired reactive state management for Node.js backends

Implementing an Accessible and Responsive Accordion Menu

CVE-2025-6218 WinRAR Directory Traversal Vulnerability

CVE-2025-4659 – Salesforce WordPress Plugin Full Path Disclosure Vulnerability

CVE-2025-43546 – Oracle Bridge Integer Underflow Vulnerability

RegRipper

Borderlands 4 drops stunning new story trailer

CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

Related Posts