5 matches found
WordPress houzez cross-site scripting vulnerability
WordPress houzez is a WordPress theme designed for real estate brokers and companies, providing powerful Elementor integration, listing management, map search and other features, supporting multi-language and currency conversion, aiming to create a professional and user-friendly real estate...
EUVD-2025-199719
The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No...
CVE-2025-9163 Houzez <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping in the houzezpropertyimgupload and houzezpropertyattachmentupload functions. This makes it possib...
EUVD-2023-40478
Malicious code in bioql PyPI...
CVE-2023-29432
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3...