CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

May 2, 2025

CVE ID : CVE-2025-1327

Published : May 2, 2025, 4:15 a.m. | 3 hours, 5 minutes ago

Description : The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the ‘homey_delete_user_account’ action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user’s accounts.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1326 – Homey WordPress Missing Capability Check Data Deletion Vulnerability

Next Article CVE-2024-13419 – WordPress Smart Framework Stored Cross-Site Scripting

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

The biggest rival for Microsoft’s Xbox Ally is Valve’s Steam Deck, not Switch 2, so stop comparing the wrong gaming handhelds

Microsoft Copilot for Power Platform

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

Mastering TypeScript: Your Ultimate Guide to Types, Inference & Compatibility

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

CVE-2025-26198 – CloudClassroom-PHP-Project SQL Injection

CVE-2025-48475 – FreeScout Unrestricted Client Access Vulnerability

Best Laptop For Web Development and Designing in 2025

CVE-2025-3980 – Wowjoy Internet Doctor Workstation System Remote Unauthorized Access Vulnerability

PowerToys 0.91 update brings major improvements to Command Palette & more

CVE-2025-44193 – SourceCodester Simple Barangay Management System SQL Injection

CVE-2025-48749 – Netwrix Directory Manager Data Exfiltration Vulnerability

Rest Assured – Schema to use cannot be null

CVE-2025-4633 – Airpointer Default Credentials Vulnerability

CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

Related Posts