22 matches found
CVE-2026-13357
The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...
CVE-2026-13357 Houzez Property Feed <= 2.5.46 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter
The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...
CVE-2026-13357
The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...
CVE-2026-13357
The Houzez Property Feed WordPress plugin (up to version 2.5.46) is vulnerable to SQL Injection via the 'orderby' parameter. The issue stems from user-controlled $_GET['orderby'] and $_GET['order'] being filtered only with sanitize_text_field() and concatenated into the SQL format string before $...
EUVD-2026-41246
The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...
WordPress Houzez Property Feed plugin <= 2.5.46 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Houzez Property Feed versions <= 2.5.46...
EUVD-2025-9103
Malicious code in bioql PyPI...
CVE-2025-30793
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Property Hive Houzez Property Feed houzez-property-feed allows Path Traversal. This issue affects Houzez Property Feed: from n/a through <= 2.5.4...
CVE-2025-30793
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Property Hive Houzez Property Feed houzez-property-feed allows Path Traversal. This issue affects Houzez Property Feed: from n/a through <= 2.5.4...
CVE-2025-30793
CVE-2025-30793 affects Houzez Property Feed (WordPress). An unauthenticated path traversal vulnerability allows arbitrary file download in versions up to and including 2.5.4 (root cause: improper limitation of a pathname to a restricted directory). CVSS v3.1 base score 7.5 (HIGH) with network acc...
PT-2025-14045 · Houzez · Houzez Property Feed
Name of the Vulnerable Software and Affected Versions: Property Hive Houzez Property Feed versions n/a through 2.5.4 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in the Houzez...
WordPress plugin Houzez Property Feed path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
WordPress Houzez Property Feed plugin <= 2.5.4 - Arbitrary File Download Vulnerability
Arbitrary File Download Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Houzez Property Feed versions <= 2.5.4...
CVE-2025-0808
The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed...
CVE-2025-0808
The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed...
CVE-2025-0808
The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed...
CVE-2025-0808 Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion
The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed...
CVE-2025-0808
The CVE-2025-0808 entry concerns Houzez Property Feed for WordPress. A CSRF flaw exists in all versions up to 2.4.21 due to missing/incorrect nonce validation on the deleteexport action, enabling unauthenticated attackers to delete property feed exports if a site admin is tricked into a forged re...
CVE-2025-0808 Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion
The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed...
WordPress plugin Houzez Property Feed cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...