CVE-2024-22303 – WordPress Houzez theme <= 3.2.4 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-22303
17 Sep 2024 — Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 3.2.4. The Houzez theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the houzez_ajax_password_reset function not properly verifying a user's identity prior... • https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-3-2-4-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment
CVE-2024-43244 – WordPress houzez Theme By FaveThemes <= 3.2.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43244
12 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 3.2.4. The Houzez theme for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfull... • https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-by-favethemes-themeforest-theme-2-8-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-36529 – WordPress Houzez CRM Plugin <= 1.3.4 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-36529
27 Jun 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection. This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4. ... • https://patchstack.com/database/vulnerability/houzez-crm/wordpress-houzez-crm-plugin-1-3-3-sql-injection?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-29432 – WordPress Houzez Theme < 2.8.3 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-29432
06 Apr 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme. This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3. The Houzez theme for Wor... • https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-2-8-3-unauth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-26540 – WordPress Houzez theme <= 2.7.1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-26540
27 Feb 2023 — Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 2.7.1. The Houzez theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.7.1. This is due to improper assignment of privileges on user management/registration that allows... • https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-2-7-1-privilege-escalation?_s_id=cve • CWE-266: Incorrect Privilege Assignment • CWE-269: Improper Privilege Management