CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

May 2, 2025

CVE ID : CVE-2025-1327

Published : May 2, 2025, 4:15 a.m. | 3 hours, 5 minutes ago

Description : The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the ‘homey_delete_user_account’ action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user’s accounts.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1326 – Homey WordPress Missing Capability Check Data Deletion Vulnerability

Next Article CVE-2024-13419 – WordPress Smart Framework Stored Cross-Site Scripting

Highlights

CVE-2025-4611 – WordPress Slim SEO Plugin Stored Cross-Site Scripting Vulnerability

May 21, 2025

CVE ID : CVE-2025-4611

Published : May 21, 2025, 12:16 p.m. | 2 hours, 34 minutes ago

Description : The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

lunarstorm/laravel-ddd

Generate awesome open graph images with Open Graphy

Trump Administration’s Pro-Crypto Stance: A Paradigm Shift in Financial Innovation

Stateless decision making

CVE-2025-4611 – WordPress Slim SEO Plugin Stored Cross-Site Scripting Vulnerability

17 Years in Motion: How We Transform, Adapt, and Stay Strong

LatAm’s First Databricks Champion at Perficient

Sam Altman needs 100 million AI GPUs worth $3 trillion for his vision — after OpenAI was forced to do “unnatural things”

CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

Related Posts