Vulnerabilities > Favethemes

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-02	CVE-2025-1326	Missing Authorization vulnerability in Favethemes Homey The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homey_reservation_del() function in all versions up to, and including, 2.4.4. network low complexity favethemes CWE-862	4.3
2025-05-02	CVE-2025-1327	Authorization Bypass Through User-Controlled Key vulnerability in Favethemes Homey The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homey_delete_user_account' action due to missing validation on a user controlled key. network low complexity favethemes CWE-639	4.3
2023-12-20	CVE-2023-29432	Unspecified vulnerability in Favethemes Houzez 1.3.4 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3. network low complexity favethemes critical	9.8
2023-11-03	CVE-2023-36529	Unspecified vulnerability in Favethemes Houzez 1.3.4 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4. network low complexity favethemes critical	9.8

Vulnerabilities > Favethemes {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Favethemes"}]}