March 28, 2023

The Houzez is a high-quality theme and plugin for WordPress from ThemeForesr, which is commonly utilized by real estate websites and has two high-risk vulnerabilities exploited by threat actors

  • The first vulnerability tracked as CVE ID: CVE-2023-26540 with a CVSS Score: 9.8.
  • The second vulnerability tracked as CVE ID: CVE-2023-26009 with a CVSS Score: 9.8
Advertisements

The first vulnerability was fixed in version 2.6.4, which was released in August 2022, and the second issue was resolved in version 2.7.2, which was released in November 2022.

The privilege escalation vulnerability has been found both in the theme itself as well as one of the plugins that are included in the theme. It is important to note that the Houzez Login Register plugin is also vulnerable to the same vulnerability.

A backdoor was uploaded by the threat actors in the attacks that enabled them to perform command execution, inject ads on the website, and redirect users to malicious site.

Advertisements

The website owners and administrators should prioritize the process of applying the available patches on priority.

This research was documented by a threat researcher from Patchstack named Dave Jong.

Tags:

Leave a Reply

You may have missed

Apache Fineract Vulnerabilities

Apache Fineract Vulnerabilities

March 28, 2023
IceID Malware Shifting Focus to Ransomwares

IceID Malware Shifting Focus to Ransomwares

March 28, 2023
Sun Pharma suffers a Security Incident

Sun Pharma suffers a Security Incident

March 28, 2023
Twitter Source Code Leak on Git

Twitter Source Code Leak on Git

March 27, 2023
Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
Dark Power Ransomware Dissection

Dark Power Ransomware Dissection

March 26, 2023
%d bloggers like this: