Houzez — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in Houzez, with AI-generated Chinese analysis, references, and POCs.

Vendor: Favethemes

CVE ID	Title	CVSS	Severity	Published
CVE-2025-9163	Houzez <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload CWE-79	6.1	Medium	2025-11-26
CVE-2025-9191	Houzez <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved Search CWE-502	6.3	Medium	2025-11-26
CVE-2025-62053	WordPress Houzez theme < 4.2.0 - Local File Inclusion vulnerability CWE-98	8.1	High	2025-11-06
CVE-2025-49952	WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability CWE-639	6.5	Medium	2025-10-22
CVE-2025-49405	WordPress Houzez Theme < 4.1.4 - Local File Inclusion Vulnerability CWE-98	4.3	Medium	2025-08-28
CVE-2025-49407	WordPress Houzez Theme <= 4.1.1 - Cross Site Scripting (XSS) Vulnerability CWE-79	8.8	High	2025-08-28
CVE-2025-49406	WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability CWE-862	8.5	High	2025-08-20
CVE-2025-53198	WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability CWE-98	8.1	High	2025-08-20
CVE-2025-53997	WordPress Houzez theme <= 4.0.4 - Broken Access Control Vulnerability CWE-862	4.3	Medium	2025-07-16
CVE-2025-24747	WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability CWE-862	5.3	Medium	2025-01-27
CVE-2025-24754	WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability CWE-862	4.3	Medium	2025-01-27
CVE-2024-22303	WordPress Houzez theme <= 3.2.4 - Privilege Escalation vulnerability CWE-266	8.8	High	2024-09-17
CVE-2024-43244	WordPress houzez Theme By FaveThemes <= 3.2.4 - Cross Site Scripting (XSS) vulnerability CWE-79	7.1	High	2024-08-18
CVE-2023-26540	WordPress Houzez theme <= 2.7.1 - Privilege Escalation CWE-269	9.8	Critical	2024-05-17

All 14 known CVE vulnerabilities affecting Houzez with full Chinese analysis, references, and POCs where available.