cbcvebase.

Favethemes Houzez vulnerabilities

16 known vulnerabilities affecting favethemes/houzez.

Total CVEs
16
CISA KEV
0
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL3HIGH6MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2023-26540P1CRITICALCVSS 9.8Exploited≥ n/a, ≤ 2.7.12024-05-17
CVE-2023-26540 [CRITICAL] CWE-269 CVE-2023-26540: Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This is Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1.
nvd
CVE-2023-36529P2CRITICALCVSS 9.8Exploited≤ 1.3.42023-11-03
CVE-2023-36529 [CRITICAL] CWE-89 CVE-2023-36529: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4.
nvd
CVE-2023-29432P3CRITICALCVSS 9.8fixed in 2.8.32023-12-20
CVE-2023-29432 [CRITICAL] CWE-89 CVE-2023-29432: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3.
nvd
CVE-2024-22303P3HIGHCVSS 8.8≥ n/a, ≤ 3.2.42024-09-17
CVE-2024-22303 [HIGH] CWE-266 CVE-2024-22303: Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This i Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4.
nvd
CVE-2025-49406P3HIGHCVSS 8.5≥ n/a, ≤ 4.1.12025-08-20
CVE-2025-49406 [HIGH] CWE-862 CVE-2025-49406: Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.
nvd
CVE-2025-49407P3HIGHCVSS 8.8≥ n/a, ≤ 4.1.12025-08-28
CVE-2025-49407 [HIGH] CWE-79 CVE-2025-49407: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1.
nvd
CVE-2025-53198P3HIGHCVSS 8.1≤ 4.0.42025-08-20
CVE-2025-53198 [HIGH] CWE-98 CVE-2025-53198: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through <= 4.0.4.
nvd
CVE-2025-62053P3HIGHCVSS 8.1≤ 4.2.02025-11-06
CVE-2025-62053 [HIGH] CWE-98 CVE-2025-62053: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through < 4.2.0.
nvd
CVE-2025-9191P3MEDIUMCVSS 6.3≤ 4.1.62025-11-26
CVE-2025-9191 [MEDIUM] CWE-502 CVE-2025-9191: The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and incl The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, w
nvd
CVE-2025-49952P3MEDIUMCVSS 6.5≤ 4.2.52025-10-22
CVE-2025-49952 [MEDIUM] CWE-639 CVE-2025-49952: Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Ex Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.2.5.
nvd
CVE-2025-24747P4MEDIUMCVSS 5.3≤ 3.4.02025-01-27
CVE-2025-24747 [MEDIUM] CWE-862 CVE-2025-24747: Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through <= 3.4.0.
nvd
CVE-2025-9163P4MEDIUMCVSS 6.1≤ 4.1.62025-11-26
CVE-2025-9163 [MEDIUM] CWE-79 CVE-2025-9163: The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping in the houzez_property_img_upload() and houzez_property_attachment_upload() functions. This makes it possible for unauthenticated attackers to inject arbit
nvd
CVE-2024-43244P4HIGHCVSS 7.1≥ n/a, ≤ 3.2.42024-08-18
CVE-2024-43244 [HIGH] CWE-79 CVE-2024-43244: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4.
nvd
CVE-2025-49405P4MEDIUMCVSS 4.3≥ n/a, < 4.1.42025-08-28
CVE-2025-49405 [MEDIUM] CWE-98 CVE-2025-49405: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4.
nvd
CVE-2025-24754P4MEDIUMCVSS 4.3≤ 3.4.02025-01-27
CVE-2025-24754 [MEDIUM] CWE-862 CVE-2025-24754: Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through <= 3.4.0.
nvd
CVE-2025-53997P4MEDIUMCVSS 4.3≤ 4.0.42025-07-16
CVE-2025-53997 [MEDIUM] CWE-862 CVE-2025-53997: Missing Authorization vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Config Missing Authorization vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.0.4.
nvd
Favethemes Houzez vulnerabilities | cvebase