CVE-2025-1326 – Homey WordPress Missing Capability Check Data Deletion Vulnerability

May 2, 2025

CVE ID : CVE-2025-1326

Published : May 2, 2025, 4:15 a.m. | 3 hours, 5 minutes ago

Description : The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homey_reservation_del() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary reservations and posts.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-13420 – WordPress Envato Theme/Plugin Unauthorized Access Vulnerability

Next Article CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

My top gaming laptop of 2024 defended its crown with a redesign, but lost one of my favorite features

“I do agree that Diablo 4 still has a lot of untapped potential,” Diablo 4 developers discuss Season 8 themes, their evolving developer philosophy, and more

Thanks to Xbox’s price hike, the Series S is now more expensive than the PS5

Elden Ring Nightreign classes: All 8 Nightfarer characters in FromSoftware’s co-op spinoff explained

Diabetes Detection System using PHP and MYSQL

Diabetes Detection System using PHP and MYSQL

Perficient is Headed to Salesforce Connections 2025: Here’s What You Need to Know

Perficient Wins 2025 Delivery Award at Appian World for Second Consecutive Year

My top gaming laptop of 2024 defended its crown with a redesign, but lost one of my favorite features

My top gaming laptop of 2024 defended its crown with a redesign, but lost one of my favorite features

“I do agree that Diablo 4 still has a lot of untapped potential,” Diablo 4 developers discuss Season 8 themes, their evolving developer philosophy, and more

Thanks to Xbox’s price hike, the Series S is now more expensive than the PS5

CVE-2025-1326 – Homey WordPress Missing Capability Check Data Deletion Vulnerability

CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221

CISA Warns of KUNBUS Auth Bypass Vulnerabilities Exposes Systems to Remote Attacks

What’s new for us in ECMAScript 2024

Our best PC game of 2024 has a crazy discount right now

Smashing Security podcast #381: Trump shooting conspiracy, Squarespace account hijack, and the butt stops here

Guru Live project v1

FOSS Weekly #25.18: Linux Magazine, Modern Terminals, Muse Pi, apt Guide and More

CVE-2025-46673 – NASA CryptoLib SDLS Protocol Bypass Vulnerability

How to capture response time between moving 1 request to another request in jmeter?

Windows 11 KB5053657 23H2 big update, direct download .msu

CVE-2025-1326 – Homey WordPress Missing Capability Check Data Deletion Vulnerability

Related Posts