Favethemes Houzez
16 CVEs affecting Favethemes Houzez. Latest disclosed: 2025-11-26. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-36529 | Critical | 9.9 | 2023-11-03 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQ… |
CVE-2023-26540 | Critical | 9.8 | 2024-05-17 | Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. |
CVE-2025-49407 | High | 8.8 | 2025-08-28 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affect… |
CVE-2024-22303 | High | 8.8 | 2024-09-17 | Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4. |
CVE-2025-49406 | High | 8.5 | 2025-08-20 | Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a t… |
CVE-2023-29432 | High | 8.2 | 2023-12-20 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issu… |
CVE-2025-62053 | High | 8.1 | 2025-11-06 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez.This issue af… |
CVE-2025-53198 | High | 8.1 | 2025-08-20 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Lo… |
CVE-2024-43244 | High | 7.1 | 2024-08-18 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue… |
CVE-2025-49952 | Medium | 6.5 | 2025-10-22 | Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Lev… |
CVE-2025-9191 | Medium | 6.3 | 2025-11-26 | The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in save… |
CVE-2025-9163 | Medium | 6.1 | 2025-11-26 | The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficien… |
CVE-2025-24747 | Medium | 5.3 | 2025-01-27 | Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through <= 3.4.0. |
CVE-2025-49405 | Medium | 4.3 | 2025-08-28 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local Fil… |
CVE-2025-53997 | Medium | 4.3 | 2025-07-16 | Missing Authorization vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houz… |
CVE-2025-24754 | Medium | 4.3 | 2025-01-27 | Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through <= 3.4.0. |