CVE-2025-31037
- EPSS 0.03%
- Veröffentlicht 04.07.2025 11:18:07
- Zuletzt bearbeitet 08.07.2025 16:18:53
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey allows Reflected XSS. This issue affects Homey: from n/a through 2.4.5.
CVE-2025-52834
- EPSS 0.04%
- Veröffentlicht 27.06.2025 11:52:13
- Zuletzt bearbeitet 30.06.2025 18:38:48
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey allows SQL Injection. This issue affects Homey: from n/a through 2.4.5.
CVE-2025-1326
- EPSS 0.17%
- Veröffentlicht 02.05.2025 03:21:20
- Zuletzt bearbeitet 06.05.2025 15:27:38
The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homey_reservation_del() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers...
CVE-2025-1327
- EPSS 0.17%
- Veröffentlicht 02.05.2025 03:21:18
- Zuletzt bearbeitet 06.05.2025 15:29:09
The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homey_delete_user_account' action due to missing validation on a user controlled key. This makes it possible for auth...