Browse all 6 CVE security advisories affecting Fave Themes. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Fave Themes develops WordPress themes for websites, focusing on e-commerce and business solutions. Historically, their themes have been vulnerable to cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been documented, the six CVEs on record indicate recurring security gaps, particularly in file handling and user permissions. These vulnerabilities could allow attackers to compromise websites, steal data, or escalate privileges. The company's themes remain popular despite these issues, suggesting a need for more rigorous security testing and timely patching to address persistent vulnerabilities.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-1326 | Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post Deletion | Homey | CWE-862 | 4.3 | Medium | 2025-05-02 |
| CVE-2025-1327 | Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion | Homey | CWE-639 | 4.3 | Medium | 2025-05-02 |
| CVE-2025-0748 | Homey <= 2.4.3 - Cross-Site Request Forgery to User Verification | Homey | CWE-352 | 4.3 | Medium | 2025-03-07 |
| CVE-2025-0749 | Homey <= 2.4.3 - Limited Authentication Bypass due to Missing Empty Value Check | Homey | CWE-288 | 8.1 | High | 2025-03-07 |
| CVE-2024-12281 | Homey <= 2.4.2 - Unauthenticated Privilege Escalation in homey_save_profile | Homey | CWE-269 | 9.8 | Critical | 2025-03-05 |
| CVE-2024-11951 | Homey Login Register <= 2.4.0 - Unauthenticated Privilege Escalation in homey_register | Homey Login Register | CWE-269 | 9.8 | Critical | 2025-03-05 |

This page lists every published CVE security advisory associated with Fave Themes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.