Favethemes

Houzez

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2026-24355

  • EPSS 0.03%
  • Veröffentlicht 22.01.2026 16:52:43
  • Zuletzt bearbeitet 26.01.2026 15:04:14

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a throu...

6.1

CVE-2025-9163

  • EPSS 0.13%
  • Veröffentlicht 26.11.2025 12:30:05
  • Zuletzt bearbeitet 01.12.2025 15:39:53

The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping in the houzez_property_img_upload() and houzez_pro...

6.3

CVE-2025-9191

  • EPSS 0.08%
  • Veröffentlicht 26.11.2025 12:30:04
  • Zuletzt bearbeitet 01.12.2025 15:39:53

The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. This makes it possible for authenticated attackers, with Subscriber-leve...

8

CVE-2025-62053

  • EPSS 0.17%
  • Veröffentlicht 06.11.2025 15:55:48
  • Zuletzt bearbeitet 20.01.2026 15:17:44

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through < 4.2.0.

6.3

CVE-2025-49952

  • EPSS 0.07%
  • Veröffentlicht 22.10.2025 14:32:19
  • Zuletzt bearbeitet 20.01.2026 15:16:45

Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.1.1.

7.1

CVE-2025-49407

  • EPSS 0.03%
  • Veröffentlicht 28.08.2025 12:37:16
  • Zuletzt bearbeitet 29.08.2025 16:24:29

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1.

8.1

CVE-2025-49405

  • EPSS 0.11%
  • Veröffentlicht 28.08.2025 12:37:15
  • Zuletzt bearbeitet 30.08.2025 02:15:32

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4.

6.5

CVE-2025-49402

  • EPSS 0.04%
  • Veröffentlicht 28.08.2025 12:37:14
  • Zuletzt bearbeitet 29.08.2025 16:24:29

Missing Authorization vulnerability in favethemes Houzez CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez CRM: from n/a through 1.4.7.

5.3

CVE-2025-49406

  • EPSS 0.04%
  • Veröffentlicht 20.08.2025 08:03:49
  • Zuletzt bearbeitet 20.08.2025 14:39:07

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.

8.1

CVE-2025-53198

  • EPSS 0.11%
  • Veröffentlicht 20.08.2025 08:03:21
  • Zuletzt bearbeitet 20.08.2025 14:39:07

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: from n/a through 4.0.4.