Houzez

Vulnerabilities 18Slug houzez

Minimum safe version

4.2.0

Update to 4.2.0 or later to address 17 fixable vulnerabilities

⚠ 1 vulnerability has no fix

N/A

2025-11-26< 4.1.7

Houzez <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved Search

Wordfence CVE

N/A

2025-11-26< 4.1.7

Houzez <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

Wordfence CVE

High 8.1

2025-11-06< 4.2.0

CVE-2025-62053

CVE Wordfence

Medium 6.5 Unfixed

2025-10-22≤ 4.1.1

CVE-2025-49952

CVE Wordfence

High 8.1

2025-08-28< 4.1.4

CVE-2025-49405

CVE EUVD Wordfence

High 7.1

2025-08-28< 4.1.4

CVE-2025-49407

CVE EUVD Wordfence

Medium 5.3

2025-08-20< 4.1.4

CVE-2025-49406

CVE Wordfence EUVD

Medium 4.3

2025-07-16< 4.1.1

CVE-2025-53997

CVE Wordfence EUVD

High 8.1

2025-08-20< 4.0.8

CVE-2025-53198

CVE EUVD Wordfence

Medium 5.3

2025-01-27< 3.4.2

CVE-2025-24747

CVE EUVD Wordfence

Medium 4.3

2025-01-27< 3.4.2

CVE-2025-24754

CVE EUVD Patchstack Wordfence

High 8.8

2024-09-17< 3.3.0

CVE-2024-22303

CVE Wordfence Patchstack

High 7.1

2024-08-18< 3.2.5

CVE-2024-43244

CVE Patchstack Wordfence

N/A

< 1.8.4

Houzez < 1.8.4 - Unauthenticated Cross-Site Scripting (XSS)

WPScan

High 8.2

2023-12-20< 2.8.3

CVE-2023-29432

CVE Patchstack Wordfence

Critical 9.8

2024-05-17< 2.7.2

CVE-2023-26540

CVE Wordfence Patchstack

N/A

2020-01-11< 1.8.4

Houzez <= 1.8.3 - Reflected Cross-Site Scripting

Wordfence

N/A

2020-01-28< 1.8.4

WordPress Houzez theme <= 1.8.3 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Patchstack