Houzez Theme Unauthenticated Privilege Escalation Vulnerability Exploited – Jorcus


Houzez is a WordPress theme designed for the real estate industry. It offers easy-to-use tools for managing your agency’s content and listings while providing the best possible experience for your clients. It has 100+ features and customization options.

Unfortunately, it has become the target of hackers recently.

Here are some more details about this vulnerability:

  • The vulnerability is caused by a security misconfiguration in the Houzez theme and plugin that allows unauthenticated users to access a login/register endpoint.
  • The endpoint does not properly check user roles or capabilities, allowing attackers to create administrator accounts with arbitrary passwords and email addresses.
  • The vulnerability affects Houzez theme versions 2.7.1 and lower, and Houzez plugin versions 2.6.3 and lower.
  • The vulnerability has been assigned CVE IDs CVE-2023-26009 (plugin) and CVE-2023-26540 (theme).

If you are using the affected theme or plugin, please update them as soon as possible to avoid security issues.
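A triage check for the versions listed above, as an added example (not code from this post, Patchstack, or the Houzez project): it compares installed versions against the last affected releases and flags administrator accounts that need review. It assumes the user list was exported with `wp user list --role=administrator --format=json`; the allowlist, cutoff date and sample accounts are constructed.

```python
import json
import re

# Last affected versions as stated on this page (theme 2.7.1, plugin 2.6.3).
LAST_AFFECTED = {"theme": (2, 7, 1), "plugin": (2, 6, 3)}

def parse_version(text):
    """Turn '2.7.1' into (2, 7, 1) so that 2.10.0 compares above 2.7.1."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    if not nums:
        raise ValueError("no version number in %r" % text)
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(component, version):
    """True if the installed version is at or below the last affected one."""
    return parse_version(version) <= LAST_AFFECTED[component]

def unexpected_admins(users_json, known_logins, since):
    """Flag administrators that are not allowlisted or were registered on/after `since`."""
    flagged = []
    for user in json.loads(users_json):
        reasons = []
        if user["user_login"] not in known_logins:
            reasons.append("not in allowlist")
        # 'YYYY-MM-DD HH:MM:SS' timestamps sort correctly as plain strings.
        if user["user_registered"] >= since:
            reasons.append("registered since cutoff")
        if reasons:
            flagged.append((user["user_login"], reasons))
    return flagged

# Constructed sample shaped like `wp user list --role=administrator --format=json`.
SAMPLE_ADMINS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
     "user_registered": "2021-05-10 09:14:02"},
    {"ID": 57, "user_login": "support_2023", "user_email": "s@example.net",
     "user_registered": "2023-02-20 03:41:55"},
])

if __name__ == "__main__":
    for component, version in (("theme", "2.7.1"), ("plugin", "2.6.4")):
        print(component, version, "AFFECTED" if is_affected(component, version) else "ok")
    for login, reasons in unexpected_admins(SAMPLE_ADMINS, {"siteowner"}, "2023-02-01 00:00:00"):
        print("review admin:", login, "-", ", ".join(reasons))
```

Any flagged account should be confirmed with the site owner; updating the theme and plugin does not remove administrator accounts that were already created.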

PSA: Houzez Theme Unauthenticated Privilege Escalation Vulnerability Exploited in The Wild – Patchstack