{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T01:34:50.537","vulnerabilities":[{"cve":{"id":"CVE-2025-0749","sourceIdentifier":"security@wordfence.com","published":"2025-03-07T02:15:37.820","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verification_id' value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers to log in to the first verified user."},{"lang":"es","value":"El tema Homey para WordPress es vulnerable a la omisión de autenticación en versiones hasta la 2.4.3 incluida. Esto se debe a que el valor 'verification_id' está configurado en vacío y la marca de verificación de que no está vacío no está en la página de perfil de usuario del panel de control. Esto hace posible que atacantes no autenticados inicien sesión en el primer usuario verificado."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://favethemes.zendesk.com/hc/en-us/articles/4407721124884-Changelog","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/05f87510-28c3-4ad1-b2be-2408a199cf68?source=cve","source":"security@wordfence.com"}]}}]}