CNNVD-202512-3038 Information

CNNVD ID

CNNVD-202512-3038

Related CVE

CVE-2025-67965

• CNNVD Published: 2025-12-16

Description (Chinese)

ws等都是(WebSockets)开源的产品。ws是一个 Node.js WebSocket 库。FreeBSD ctl等都是(FreeBSD)基金会的产品。ctl是一个工具。R infrastructure gh等都是(R infrastructure)开源的产品。gh是一个GitHub的API库。 WordPress plugin Homey Core 2.4.3及之前版本存在安全漏洞，该漏洞源于缺少授权检查，可能导致访问控制不当。

Description (English)

Ws are all open-source products. Ws is a Node.js WebSocket library. FreeBSD ctl etc. are the products of FreeBSD. Ctl is a tool. R infrastructure gh etc. are open-source products. gh is a Github API library. WordPress Plugin Homey Core 2.4.3 and previous versions had a security gap, which stemmed from a lack of authorized inspections and could lead to inappropriate access controls.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WordPress

Published

2025-12-16

Last Modified

2026-02-24

References

https://vdp.patchstack.com/database/Wordpress/Plugin/homey-core/vulnerability/wordpress-homey-core-plugin-2-4-3-broken-access-control-vulnerability?_s_id=cve

Patch

https://wordpress.org/plugins/