CVE-2025-0749

Sažetak

The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verification_id' value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers to log in to the first verified user.

Reference

https://favethemes.zendesk.com/hc/en-us/articles/4407721124884-Changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/05f87510-28c3-4ad1-b2be-2408a199cf68?source=cve

CVSS

Base:	8.1
Impact:	5.9
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

07-03-2025 - 02:15

Objavljeno

07-03-2025 - 02:15