Houzez Theme Unauthenticated Privilege Escalation Vulnerability Exploited WordPress
The Houzez theme is a WordPress theme designed specifically for the real estate industry. It offers easy-to-use tools for managing your agency's content and listings while providing the best possible experience for your clients. It has 100+ features and customization options.
Unfortunately, it has become the target of hackers recently.
Here are some more details about this vulnerability:
- The vulnerability is caused by a security misconfiguration in the Houzez theme and plugin that allows unauthenticated users to access a login/register endpoint.
- The endpoint does not properly check user roles or capabilities, allowing attackers to create administrator accounts with arbitrary passwords and email addresses.
- The vulnerability affects Houzez theme versions 2.7.1 and lower, and Houzez plugin versions 2.6.3 and lower.
- The vulnerability has been assigned CVE IDs CVE-2023-26009 (plugin) and CVE-2023-26540 (theme).
If you are using this theme or plugin, please update to a version newer than those listed above as soon as possible to avoid security issues.
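A defender-side check for the points above, added here as an example and not taken from the Patchstack advisory or the Houzez code: it compares the `Version:` header of an installed copy against the affected versions listed above and flags administrator accounts that are not on a known list. The header text and user JSON are constructed samples; the JSON shape assumes the output of `wp user list --format=json`, and `known_admins` is a hypothetical allow-list you maintain.

```python
import json
import re

# Highest affected versions, as stated in the list above.
LAST_AFFECTED = {"theme": (2, 7, 1), "plugin": (2, 6, 3)}

# Constructed sample: header of a theme style.css file.
SAMPLE_THEME_HEADER = "/*\nTheme Name: Houzez\nVersion: 2.7.1\n*/"

# Constructed sample, shaped like `wp user list --format=json` (assumption).
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "roles": "administrator"},
    {"ID": 7, "user_login": "agent01", "roles": "subscriber"},
    {"ID": 42, "user_login": "unknown_admin", "roles": "administrator"},
])

def header_version(header_text):
    """Extract 'Version: x.y.z' from a WordPress theme or plugin file header."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                  header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(kind, header_text):
    """True if the version is at or below the affected threshold.
    A missing or unreadable version is reported as affected (fail closed)."""
    ver = header_version(header_text)
    if ver is None:
        return True
    limit = LAST_AFFECTED[kind]
    width = max(len(ver), len(limit))
    # Pad with zeros so that 2.7 compares as 2.7.0.
    ver += (0,) * (width - len(ver))
    limit += (0,) * (width - len(limit))
    return ver <= limit

def unexpected_admins(users_json, known_admins):
    """Return administrator logins that are not on the allow-list."""
    return sorted(
        u["user_login"] for u in json.loads(users_json)
        if "administrator" in str(u.get("roles", "")).split(",")
        and u["user_login"] not in known_admins
    )

if __name__ == "__main__":
    print("theme affected:", is_affected("theme", SAMPLE_THEME_HEADER))
    print("review these admins:", unexpected_admins(SAMPLE_USERS, {"siteowner"}))
```

Any login it reports should be checked against who was actually granted administrator access.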
PSA: Houzez Theme Unauthenticated Privilege Escalation Vulnerability Exploited in The Wild – Patchstack