Favethemes Houzez

16 CVEs affecting Favethemes Houzez. Latest disclosed: 2025-11-26. Critical: 2, High: 7.

Top CVEs affecting Favethemes Houzez
CVESeverityScorePublishedSummary
CVE-2023-36529Critical9.92023-11-03Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQ…
CVE-2023-26540Critical9.82024-05-17Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1.
CVE-2025-49407High8.82025-08-28Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affect…
CVE-2024-22303High8.82024-09-17Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4.
CVE-2025-49406High8.52025-08-20Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a t…
CVE-2023-29432High8.22023-12-20Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issu…
CVE-2025-62053High8.12025-11-06Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez.This issue af…
CVE-2025-53198High8.12025-08-20Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Lo…
CVE-2024-43244High7.12024-08-18Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue…
CVE-2025-49952Medium6.52025-10-22Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Lev…
CVE-2025-9191Medium6.32025-11-26The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in save…
CVE-2025-9163Medium6.12025-11-26The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficien…
CVE-2025-24747Medium5.32025-01-27Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through <= 3.4.0.
CVE-2025-49405Medium4.32025-08-28Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local Fil…
CVE-2025-53997Medium4.32025-07-16Missing Authorization vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houz…
CVE-2025-24754Medium4.32025-01-27Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through <= 3.4.0.