CVE-2024-5792 Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection

The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belongto’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

WordPress Houzez Theme - Functionality plugin <= 3.2.2 - Authenticated (Seller+) SQL Injection vulnerability

WordPress Houzez Theme - Functionality plugin = 3.2.2 - Authenticated Seller+ SQL Injection vulnerability discovered by István Márton in WordPress Plugin Houzez Theme - Functionality versions = 3.2.2...

PT-2024-37159 · WordPress · The Houzez Theme

Name of the Vulnerable Software and Affected Versions: The Houzez Theme - Functionality plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to SQL Injection via the currency code parameter due to insufficient escaping on the user-supplied parameter and lack...