Houzez Security Vulnerabilities and Issues — Houzez CVE List

Lucene search

FavethemesHouzez

13 matches found

CVE•added 2023/11/03 5:15 p.m.•78 views

CVE-2023-36529

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4.

9.8CVSS9.9AI score0.0021EPSS

CVE•added 2024/09/17 2:15 p.m.•75 views

CVE-2024-21743

Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5.

8.8CVSS8.7AI score0.00182EPSS

CVE•added 2024/09/17 2:15 p.m.•65 views

CVE-2024-22303

Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4.

8.8CVSS8.8AI score0.00235EPSS

CVE•added 2023/12/20 6:15 p.m.•51 views

CVE-2023-29432

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3.

9.8CVSS9.5AI score0.00147EPSS

CVE•added 2024/05/17 7:15 a.m.•43 views

CVE-2023-26009

Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3.

9.8CVSS6.8AI score0.00462EPSS

CVE•added 2024/07/09 2:15 a.m.•42 views

CVE-2024-5793

The Houzez Theme - Functionality plugin for WordPress is vulnerable to SQL Injection via the ‘currency_code’ parameter in all versions up to, and including, 3.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it ...

8.8CVSS8.7AI score0.00517EPSS

CVE•added 2024/05/17 7:15 a.m.•36 views

CVE-2023-26540

Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1.

9.8CVSS6.8AI score0.00449EPSS

CVE•added 2024/08/18 10:15 p.m.•32 views

CVE-2024-43244

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4.

7.1CVSS7AI score0.00085EPSS

CVE•added 2025/07/16 11:15 a.m.•7 views

CVE-2025-53997

Missing Authorization vulnerability in favethemes Houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a through 4.0.4.

4.3CVSS6.5AI score0.00034EPSS

CVE•added 2025/08/28 1:16 p.m.•6 views

CVE-2025-49405

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4.

8.1CVSS6.6AI score0.00151EPSS

CVE•added 2025/08/28 1:16 p.m.•6 views

CVE-2025-49407

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1.

7.1CVSS7.2AI score0.00036EPSS

CVE•added 2025/08/20 8:15 a.m.•6 views

CVE-2025-53198

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: from n/a through 4.0.4.

8.1CVSS7.2AI score0.00151EPSS

CVE•added 2025/08/20 8:15 a.m.•5 views

CVE-2025-49406

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.

5.3CVSS7AI score0.00037EPSS