Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 4
Critical: 1
High: 1
Medium: 2
Showing 1-4 of 4 records
Threat Entry Updated 2025-12-01

CVE-2025-9191 - Houzez Theme

The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target…

THEME Houzez

CVE-2025-9191

MEDIUM CVSS 6.3 2025-11-26
Threat Entry Updated 2025-12-01

CVE-2025-9163 - Houzez Theme

The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping in the houzez_property_img_upload() and houzez_property_attachment_upload() functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

THEME Houzez

CVE-2025-9163

MEDIUM CVSS 6.1 2025-11-26
Threat Entry Updated 2024-11-21

CVE-2023-29432 - Houzez Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme. This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3.

PLUGIN Houzez

CVE-2023-29432

HIGH CVSS 8.2 2023-12-20
Threat Entry Updated 2025-02-19

CVE-2023-36529 - Houzez Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection. This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4.

PLUGIN Houzez

CVE-2023-36529

CRITICAL CVSS 9.8 2023-11-03