The Homey theme for WordPress has a security issue that affects all versions up to and including 2.4.4. This issue, known as Insecure Direct Object Reference, allows attackers to delete user accounts without proper validation. This vulnerability can be exploited by authenticated attackers with at least Subscriber-level access, leading to the deletion of other users’ accounts.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
