CVE-2024-21743 – WordPress Houzez Login Register plugin <= 3.2.5 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-21743
17 Sep 2024 — Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register. This issue affects Houzez Login Register: from n/a through 3.2.5. The Houzez Login Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.5. This is due to the houzez_agency_agent_update function not properly verifying a user's identity prior to allowing them to update user details like email address. This makes it possible for authenticated attackers, with subs... • https://patchstack.com/database/vulnerability/houzez-login-register/wordpress-houzez-login-register-plugin-3-2-5-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2024-22303 – WordPress Houzez theme <= 3.2.4 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-22303
17 Sep 2024 — Incorrect Privilege Assignment vulnerability in favethemes Houzez houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 3.2.4. The Houzez theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the houzez_ajax_password_reset function not properly verifying a user's identity prior... • https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-3-2-4-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment •
CVE-2024-43244 – WordPress houzez Theme By FaveThemes <= 3.2.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43244
12 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 3.2.4. The Houzez theme for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfull... • https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-by-favethemes-themeforest-theme-2-8-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-5792 – Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection
https://notcve.org/view.php?id=CVE-2024-5792
08 Jul 2024 — The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belong_to’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level (seller) access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. ... • https://favethemes.zendesk.com/hc/en-us/articles/360041639432-Changelog • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-26540 – WordPress Houzez theme <= 2.7.1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-26540
27 Feb 2023 — Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 2.7.1. The Houzez theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.7.1. This is due to improper assignment of privileges on user management/registration that allows... • https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-2-7-1-privilege-escalation?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVE-2023-26009 – WordPress Houzez Login Register plugin <= 2.6.3 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-26009
23 Feb 2023 — Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation. This issue affects Houzez Login Register: from n/a through 2.6.3. The Houzez Login Register plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.3. This is due to impr... • https://patchstack.com/database/vulnerability/houzez-login-register/wordpress-houzez-login-register-plugin-2-6-3-privilege-escalation?_s_id=cve • CWE-269: Improper Privilege Management •