Favethemes

Houzez

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-24355

  • EPSS 0.13%
  • Veröffentlicht 22.01.2026 16:52:43
  • Zuletzt bearbeitet 28.04.2026 03:16:02

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a throu...

6.1

CVE-2025-9163

  • EPSS 0.18%
  • Veröffentlicht 26.11.2025 12:30:05
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping in the houzez_property_img_upload() and houzez_pro...

6.3

CVE-2025-9191

  • EPSS 0.22%
  • Veröffentlicht 26.11.2025 12:30:04
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. This makes it possible for authenticated attackers, with Subscriber-leve...

8.1

CVE-2025-62053

  • EPSS 0.35%
  • Veröffentlicht 06.11.2025 15:55:48
  • Zuletzt bearbeitet 27.04.2026 18:16:24

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through < 4.2.0.

6.5

CVE-2025-49952

  • EPSS 0.41%
  • Veröffentlicht 22.10.2025 14:32:19
  • Zuletzt bearbeitet 27.04.2026 20:16:19

Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.2.5.

8.8

CVE-2025-49407

  • EPSS 0.41%
  • Veröffentlicht 28.08.2025 12:37:16
  • Zuletzt bearbeitet 28.04.2026 19:33:05

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1.

4.3

CVE-2025-49405

  • EPSS 0.24%
  • Veröffentlicht 28.08.2025 12:37:15
  • Zuletzt bearbeitet 28.04.2026 19:33:05

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4.

8.5

CVE-2025-49402

  • EPSS 0.3%
  • Veröffentlicht 28.08.2025 12:37:14
  • Zuletzt bearbeitet 23.04.2026 15:31:37

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection.This issue affects Exertio Framework: from n/a through <= 1.3.3.

8.5

CVE-2025-49406

  • EPSS 0.32%
  • Veröffentlicht 20.08.2025 08:03:49
  • Zuletzt bearbeitet 28.04.2026 19:33:05

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.

8.1

CVE-2025-53198

  • EPSS 0.49%
  • Veröffentlicht 20.08.2025 08:03:21
  • Zuletzt bearbeitet 23.04.2026 15:32:16

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through <= 4.0.4.