CVE-2026-24355 WordPress Houzez Theme - Functionality plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a through = 4.2.6...

CVE-2025-62057

CVE-2025-62057 is an XSS vulnerability in the WordPress plugin Houzez Theme - Functionality (versions

CVE-2025-62057 WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

CVE-2025-62057 WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

CVE-2025-62053 WordPress Houzez theme < 4.2.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through 4.2.0...

CVE-2025-49952 WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through = 4.2.5...

CVE-2025-49952

CVE-2025-49952 affects the WordPress plugin/theme Houzez (WordPress theme by favethemes) up to version 4.1.1. The issue is an authorization bypass caused by incorrectly configured access control, described as a user-controlled key that enables bypassing access restrictions (an insecure direct obj...

WordPress Houzez theme < 4.2.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by ? in WordPress Theme Houzez versions 4.2.0...

WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Houzez versions = 4.1.1...

CVE-2025-53198 WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through = 4.0.4...

CVE-2025-53198 WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: from n/a through 4.0.4...

WordPress Houzez theme <= 4.0.4 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Houzez versions = 4.0.4...

CVE-2025-53997 WordPress Houzez theme <= 4.0.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through = 4.0.4...

CVE-2025-53997

Summary: CVE-2025-53997 is a Missing Authorization (Broken Access Control) vulnerability affecting the Houzez WordPress theme, with affected versions up to 4.0.4. The issue arises from incorrectly configured access control security levels. The CVE entry has a medium severity (CVSS v3.1: 4.3) and ...

CVE-2025-53997 WordPress Houzez theme <= 4.0.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through = 4.0.4...

CVE-2025-24747 WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through = 3.4.0...

CVE-2025-24754 WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0...

WordPress Houzez CRM plugin <= 1.4.2 - Authenticated (Seller+) SQL Injection vulnerability

Authenticated Seller+ SQL Injection vulnerability discovered by István Márton in WordPress Plugin Houzez CRM versions = 1.4.2...