CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

May 2, 2025

CVE ID : CVE-2025-1327

Published : May 2, 2025, 4:15 a.m. | 3 hours, 5 minutes ago

Description : The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the ‘homey_delete_user_account’ action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user’s accounts.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1326 – Homey WordPress Missing Capability Check Data Deletion Vulnerability

Next Article CVE-2024-13419 – WordPress Smart Framework Stored Cross-Site Scripting

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

I like SteelSeries’ tiniest high performance gaming keyboard, but it’s not the only great magnetic option

Motion Highlights #5

How to make LinkedIn work for you: 3 things you must get right

My top gaming laptop of 2024 defended its crown with a redesign, but lost one of my favorite features

Brisa 0.2.12 – Near 0.3 🔜

Brisa 0.2.12 – Near 0.3 🔜

Essential Git Command Reference: The Core Operations Every Developer Needs

nativephp/electron

I like SteelSeries’ tiniest high performance gaming keyboard, but it’s not the only great magnetic option

I like SteelSeries’ tiniest high performance gaming keyboard, but it’s not the only great magnetic option

Microsoft says it accidentally broke Windows 10 Start menu, taskbar recent files feature

OpenCPN is a ship-borne GUI navigation application

CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 5/2025

The best SSH clients for Linux (and why you need them)

Meta Introduces a Machine Learning (ML)-based Approach that Allows to Solve Networking Problems Holistically Across Cross-Layers such as BWE

Data Governance in DevOps: Ensuring Compliance in the AI Era

More than 3 in 4 Tech Leaders Worry About SaaS Security Threats, New Survey Reveals

GIMP 3.0 Finally Released with a HUGE Set of Changes

Browse Reddit with a Terminal Emulator, Built with Vue.js

This AI Paper Introduces XMODE: An Explainable Multi-Modal Data Exploration System Powered by LLMs for Enhanced Accuracy and Efficiency

CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

Related Posts