PT-2025-10028 · WordPress · Homey
István Márton
·
Publicado
2025-03-07
·
Atualizado
2025-03-12
·
CVE-2025-0749
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Homey theme for WordPress versions up to and including 2.4.3
Description
The issue allows for authentication bypass due to the
verification id value being set to empty and a missing not empty check in the dashboard user profile page. This enables unauthenticated attackers to log in to the first verified user.Recommendations
For versions up to and including 2.4.3, update to a version that includes the necessary checks to prevent authentication bypass, specifically ensuring that the
verification id value is properly validated.Correção
Authentication Bypass Using an Alternate Path or Channel
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Homey