
22 matches found

NVD
added 15 hours ago · 7 views

CVE-2026-13357

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

CVSS 4.9
Exploits: 0 · References: 6
Cvelist
added 15 hours ago · 11 views

CVE-2026-13357 Houzez Property Feed <= 2.5.46 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

CVSS 4.9
Exploits: 0 · References: 6
ATTACKERKB
added 15 hours ago · 4 views

CVE-2026-13357

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

CVSS 4.9 · AI score 5.8
Exploits: 0 · References: 7
CVE
added 15 hours ago · 10 views

CVE-2026-13357

The Houzez Property Feed WordPress plugin (up to version 2.5.46) is vulnerable to SQL Injection via the 'orderby' parameter. The issue stems from user-controlled $_GET['orderby'] and $_GET['order'] being filtered only with sanitize_text_field() and concatenated into the SQL format string before $...

CVSS 4.9 · AI score 5.8
Exploits: 0 · References: 6
EUVD
added 15 hours ago · 6 views

EUVD-2026-41246

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

CVSS 4.9 · AI score 5.8
Exploits: 0 · References: 6
Patchstack
added yesterday · 4 views

WordPress Houzez Property Feed plugin <= 2.5.46 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Houzez Property Feed versions <= 2.5.46...

CVSS 4.9 · AI score 5.8
Exploits: 0 · References: 1 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-9103

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 9 · EPSS 0.00526
Exploits: 0 · References: 2
RedhatCVE
added 2025/04/03 9:57 a.m. · 5 views

CVE-2025-30793

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Property Hive Houzez Property Feed houzez-property-feed allows Path Traversal. This issue affects Houzez Property Feed: from n/a through <= 2.5.4...

CVSS 7.5 · AI score 7.2 · EPSS 0.00526
Exploits: 0 · References: 1
NVD
added 2025/04/01 6:15 a.m. · 14 views

CVE-2025-30793

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Property Hive Houzez Property Feed houzez-property-feed allows Path Traversal. This issue affects Houzez Property Feed: from n/a through <= 2.5.4...

CVSS 7.5 · EPSS 0.00526
Exploits: 0 · References: 1
CVE
added 2025/04/01 5:31 a.m. · 44 views

CVE-2025-30793

CVE-2025-30793 affects Houzez Property Feed (WordPress). An unauthenticated path traversal vulnerability allows arbitrary file download in versions up to and including 2.5.4 (root cause: improper limitation of a pathname to a restricted directory). CVSS v3.1 base score 7.5 (HIGH) with network acc...

CVSS 7.5 · AI score 7.2 · EPSS 0.00526
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/01 12:0 a.m. · 6 views

PT-2025-14045 · Houzez · Houzez Property Feed

Name of the Vulnerable Software and Affected Versions: Property Hive Houzez Property Feed versions n/a through 2.5.4 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in the Houzez...

CVSS 7.5 · AI score 9.2 · EPSS 0.00526
Exploits: 0 · References: 3
CNNVD
added 2025/04/01 12:0 a.m. · 2 views

WordPress plugin Houzez Property Feed path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 7.5 · AI score 8.5 · EPSS 0.00526
Exploits: 0 · References: 2
Patchstack
added 2025/03/29 11:16 p.m. · 4 views

WordPress Houzez Property Feed plugin <= 2.5.4 - Arbitrary File Download Vulnerability

Arbitrary File Download Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Houzez Property Feed versions <= 2.5.4...

CVSS 7.5 · AI score 6.9 · EPSS 0.00526
Exploits: 0 · Affected Software: 1
RedhatCVE
added 2025/02/14 3:30 a.m. · 9 views

CVE-2025-0808

The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed...

CVSS 5.4 · AI score 9.1 · EPSS 0.00151
Exploits: 0 · References: 1
NVD
added 2025/02/12 4:15 a.m. · 17 views

CVE-2025-0808

The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed...

CVSS 5.4 · EPSS 0.00151
Exploits: 0 · References: 2
OSV
added 2025/02/12 4:15 a.m. · 3 views

CVE-2025-0808

The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed...

CVSS 5.4 · AI score 7.2 · EPSS 0.00151
Exploits: 0 · References: 2
Vulnrichment
added 2025/02/12 3:21 a.m. · 9 views

CVE-2025-0808 Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion

The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed...

CVSS 4.3 · AI score 4.3 · EPSS 0.00151
Exploits: 0 · References: 2
CVE
added 2025/02/12 3:21 a.m. · 70 views

CVE-2025-0808

The CVE-2025-0808 entry concerns Houzez Property Feed for WordPress. A CSRF flaw exists in all versions up to 2.4.21 due to missing/incorrect nonce validation on the deleteexport action, enabling unauthenticated attackers to delete property feed exports if a site admin is tricked into a forged re...

CVSS 5.4 · AI score 4.2 · EPSS 0.00151
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2025/02/12 3:21 a.m. · 16 views

CVE-2025-0808 Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion

The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed...

CVSS 4.3 · EPSS 0.00151
Exploits: 0 · References: 2
CNNVD
added 2025/02/12 12:0 a.m. · 3 views

WordPress plugin Houzez Property Feed cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 5.4 · AI score 8.2 · EPSS 0.00151
Exploits: 0 · References: 2