Favethemes

Houzez

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2026-24355

  • EPSS 0.04%
  • Veröffentlicht 22.01.2026 16:52:43
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a throu...

6.1

CVE-2025-9163

  • EPSS 0.21%
  • Veröffentlicht 26.11.2025 12:30:05
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping in the houzez_property_img_upload() and houzez_pro...

6.3

CVE-2025-9191

  • EPSS 0.13%
  • Veröffentlicht 26.11.2025 12:30:04
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. This makes it possible for authenticated attackers, with Subscriber-leve...

8

CVE-2025-62053

  • EPSS 0.06%
  • Veröffentlicht 06.11.2025 15:55:48
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through < 4.2.0.

6.3

CVE-2025-49952

  • EPSS 0.06%
  • Veröffentlicht 22.10.2025 14:32:19
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.2.5.

7.1

CVE-2025-49407

  • EPSS 0.03%
  • Veröffentlicht 28.08.2025 12:37:16
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1.

8.1

CVE-2025-49405

  • EPSS 0.12%
  • Veröffentlicht 28.08.2025 12:37:15
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4.

6.5

CVE-2025-49402

  • EPSS 0.03%
  • Veröffentlicht 28.08.2025 12:37:14
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection.This issue affects Exertio Framework: from n/a through <= 1.3.3.

5.3

CVE-2025-49406

  • EPSS 0.04%
  • Veröffentlicht 20.08.2025 08:03:49
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.

8.1

CVE-2025-53198

  • EPSS 0.07%
  • Veröffentlicht 20.08.2025 08:03:21
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through <= 4.0.4.