
Favethemes — Vulnerabilities & Security Advisories 29

Browse all 29 CVE security advisories affecting Favethemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Favethemes operates as a commercial provider of WordPress themes and plugins, primarily targeting e-commerce and general website development through its extensive marketplace. Security audits reveal a persistent pattern of critical vulnerabilities within its codebase, with twenty-nine Common Vulnerabilities and Exposures (CVEs) currently documented. The most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, the company has faced issues related to broken access control, allowing unauthorized privilege escalation for lower-level user roles. These defects frequently enable attackers to execute arbitrary commands or steal sensitive session cookies. While Favethemes generally responds to reported issues, the high volume of historical CVEs indicates systemic weaknesses in their development lifecycle, posing significant risks to sites relying on their unpatched or outdated components.

Found 14 results / 29

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-9163 | Houzez <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload | Houzez | CWE-79 | 6.1 | Medium | 2025-11-26 |
| CVE-2025-9191 | Houzez <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved Search | Houzez | CWE-502 | 6.3 | Medium | 2025-11-26 |
| CVE-2025-62053 | WordPress Houzez theme < 4.2.0 - Local File Inclusion vulnerability | Houzez | CWE-98 | 8.1 | High | 2025-11-06 |
| CVE-2025-49952 | WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability | Houzez | CWE-639 | 6.5 | Medium | 2025-10-22 |
| CVE-2025-49405 | WordPress Houzez Theme < 4.1.4 - Local File Inclusion Vulnerability | Houzez | CWE-98 | 4.3 | Medium | 2025-08-28 |
| CVE-2025-49407 | WordPress Houzez Theme <= 4.1.1 - Cross Site Scripting (XSS) Vulnerability | Houzez | CWE-79 | 8.8 | High | 2025-08-28 |
| CVE-2025-49406 | WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability | Houzez | CWE-862 | 8.5 | High | 2025-08-20 |
| CVE-2025-53198 | WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability | Houzez | CWE-98 | 8.1 | High | 2025-08-20 |
| CVE-2025-53997 | WordPress Houzez theme <= 4.0.4 - Broken Access Control Vulnerability | Houzez | CWE-862 | 4.3 | Medium | 2025-07-16 |
| CVE-2025-24747 | WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability | Houzez | CWE-862 | 5.3 | Medium | 2025-01-27 |
| CVE-2025-24754 | WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability | Houzez | CWE-862 | 4.3 | Medium | 2025-01-27 |
| CVE-2024-22303 | WordPress Houzez theme <= 3.2.4 - Privilege Escalation vulnerability | Houzez | CWE-266 | 8.8 | High | 2024-09-17 |
| CVE-2024-43244 | WordPress houzez Theme By FaveThemes <= 3.2.4 - Cross Site Scripting (XSS) vulnerability | Houzez | CWE-79 | 7.1 | High | 2024-08-18 |
| CVE-2023-26540 | WordPress Houzez theme <= 2.7.1 - Privilege Escalation | Houzez | CWE-269 | 9.8 | Critical | 2024-05-17 |

This page lists every published CVE security advisory associated with Favethemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.