Lucene search
K

5 matches found

CNVD
CNVD
added 2025/11/28 12:0 a.m.3 views

WordPress houzez cross-site scripting vulnerability

WordPress houzez is a WordPress theme designed for real estate brokers and companies, providing powerful Elementor integration, listing management, map search and other features, supporting multi-language and currency conversion, aiming to create a professional and user-friendly real estate...

6.1CVSS6.2AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/26 3:34 p.m.4 views

EUVD-2025-199719

The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No...

6.3CVSS6.5AI score0.00224EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/26 12:30 p.m.6 views

CVE-2025-9163 Houzez <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping in the houzezpropertyimgupload and houzezpropertyattachmentupload functions. This makes it possib...

6.1CVSS5AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-40478

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:46 a.m.6 views

CVE-2023-29432

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3...

9.8CVSS8.9AI score0.00748EPSS
Exploits0References1
Rows per page
Query Builder