September 21, 2023

The Houzez is a high-quality theme and plugin for WordPress from ThemeForesr, which is commonly utilized by real estate websites and has two high-risk vulnerabilities exploited by threat actors

  • The first vulnerability tracked as CVE ID: CVE-2023-26540 with a CVSS Score: 9.8.
  • The second vulnerability tracked as CVE ID: CVE-2023-26009 with a CVSS Score: 9.8
Advertisements

The first vulnerability was fixed in version 2.6.4, which was released in August 2022, and the second issue was resolved in version 2.7.2, which was released in November 2022.

The privilege escalation vulnerability has been found both in the theme itself as well as one of the plugins that are included in the theme. It is important to note that the Houzez Login Register plugin is also vulnerable to the same vulnerability.

A backdoor was uploaded by the threat actors in the attacks that enabled them to perform command execution, inject ads on the website, and redirect users to malicious site.

Advertisements

The website owners and administrators should prioritize the process of applying the available patches on priority.

This research was documented by a threat researcher from Patchstack named Dave Jong.

Tags:

2 thoughts on “Vulnerabilities in WordPress Theme

  1. Pingback: Some changes at Worldviewer | From guestwriters
  2. Pingback: Places to provide news dressed in a nice theme – Some View on the World

Leave a Reply

You may have missed

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023

GitLab Addresses Critical Vulnerability -CVE-2023-4998

September 20, 2023

Crowdstrike New Offerings and Bionic.ai Acquisition

September 20, 2023

Microsoft AI exposed terabytes of data accidentally

September 19, 2023
%d bloggers like this: