Access Control Flaw in Homey Core by Favethemes
CVE-2025-67965

Currently unrated

Key Information:

Vendor

WordPress
Status
Homey Core
Vendor
CVE Published:
16 December 2025

What is CVE-2025-67965?

A missing authorization vulnerability exists in the Homey Core plugin, developed by Favethemes, allowing attackers to exploit improperly configured access control security levels. This vulnerability impacts versions up to and including 2.4.3, potentially leading to unauthorized access to restricted features or data. Website owners are advised to audit their installations and apply the latest patches to safeguard against potential exploitation.

Affected Version(s)

Homey Core <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/home...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-67965 : Access Control Flaw in Homey Core by Favethemes