CVE-2025-0749
CVE-2025-0749
Título es
CVE-2025-0749
Vie, 07/03/2025 – 02:15
Tipo
CWE-288
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-0749
Descripción en
The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verification_id' value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers to log in to the first verified user.
07/03/2025
07/03/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Gravedad 3.1 (CVSS 3.1 Base Score)
8.10
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Referencias
https://favethemes.zendesk.com/hc/en-us/articles/4407721124884-Changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/05f87510-28c3-4ad1-b2be-2408a199cf68?source=cve
Enviar en el boletín
Off
