Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

favethemes — Vulnerabilities & Security Advisories 29

Browse all 29 CVE security advisories affecting favethemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by favethemes:HouzezHouzez Theme - FunctionalityHomeyHouzez - Real Estate WordPress ThemeHouzez Login RegisterHomey CoreHomey Login RegisterPremium Age Verification / Restriction for WordPressPro Bulk Watermark Plugin for WordPressPremium SEO Pack
CVE IDTitleCVSSSeverityPublished
CVE-2026-24355 WordPress Houzez Theme - Functionality plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability — Houzez Theme - FunctionalityCWE-79 6.5 Medium2026-01-22
CVE-2025-67964 WordPress Homey Core plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability — Homey CoreCWE-79 6.1AIMediumAI2026-01-22
CVE-2025-67965 WordPress Homey Core plugin <= 2.4.3 - Broken Access Control vulnerability — Homey CoreCWE-862 5.3 Medium2025-12-16
CVE-2025-9163 Houzez <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload — HouzezCWE-79 6.1 Medium2025-11-26
CVE-2025-9191 Houzez <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved Search — HouzezCWE-502 6.3 Medium2025-11-26
CVE-2025-62057 WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability — Houzez Theme - FunctionalityCWE-79 6.1 -2025-11-06
CVE-2025-62053 WordPress Houzez theme < 4.2.0 - Local File Inclusion vulnerability — HouzezCWE-98 8.1 High2025-11-06
CVE-2025-62058 WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability — Houzez Theme - FunctionalityCWE-79 6.1AIMediumAI2025-10-22
CVE-2025-62054 WordPress Houzez Theme - Functionality plugin <= 4.1.8 - Local File Inclusion vulnerability — Houzez Theme - FunctionalityCWE-98 9.8AICriticalAI2025-10-22
CVE-2025-49952 WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability — HouzezCWE-639 6.5 Medium2025-10-22
CVE-2025-49407 WordPress Premium SEO Pack Plugin <= 3.3.2 - Privilege Escalation Vulnerability — Premium SEO PackCWE-266 8.8 High2025-08-28
CVE-2025-49405 WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 - Path Traversal Vulnerability — Pro Bulk Watermark Plugin for WordPressCWE-35 4.3 Medium2025-08-28
CVE-2025-49406 WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - SQL Injection Vulnerability — Premium Age Verification / Restriction for WordPressCWE-89 8.5 High2025-08-20
CVE-2025-53198 WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability — HouzezCWE-98 8.1 High2025-08-20
CVE-2025-53997 WordPress Houzez theme <= 4.0.4 - Broken Access Control Vulnerability — HouzezCWE-862 4.3 Medium2025-07-16
CVE-2025-31037 WordPress Homey theme <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability — HomeyCWE-79 7.1 High2025-07-04
CVE-2025-52834 WordPress Homey theme <= 2.4.7 - SQL Injection vulnerability — HomeyCWE-89 9.3 Critical2025-06-27
CVE-2024-51800 WordPress Homey theme <= 2.4.1 - Privilege Escalation vulnerability — HomeyCWE-266 9.8 Critical2025-04-04
CVE-2025-24747 WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability — HouzezCWE-862 5.3 Medium2025-01-27
CVE-2025-24754 WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability — HouzezCWE-862 4.3 Medium2025-01-27
CVE-2024-51888 WordPress Homey Login Register Plugin <= 2.4.0 - Privilege Escalation vulnerability — Homey Login RegisterCWE-266 9.8 Critical2025-01-21
CVE-2024-22303 WordPress Houzez theme <= 3.2.4 - Privilege Escalation vulnerability — HouzezCWE-266 8.8 High2024-09-17
CVE-2024-21743 WordPress Houzez Login Register plugin <= 3.2.5 - Privilege Escalation vulnerability — Houzez Login RegisterCWE-266 8.8 High2024-09-17
CVE-2024-43244 WordPress houzez Theme By FaveThemes <= 3.2.4 - Cross Site Scripting (XSS) vulnerability — HouzezCWE-79 7.1 High2024-08-18
CVE-2024-5793 Houzez Theme - Functionality <= 3.2.2 - Authenticated (Seller+) SQL Injection — Houzez Theme - FunctionalityCWE-89 8.8 High2024-07-09
CVE-2023-26540 WordPress Houzez theme <= 2.7.1 - Privilege Escalation — HouzezCWE-269 9.8 Critical2024-05-17
CVE-2023-26009 WordPress Houzez Login Register plugin <= 2.6.3 - Privilege Escalation — Houzez Login RegisterCWE-269 9.8 Critical2024-05-17
CVE-2023-29432 WordPress Houzez Theme < 2.8.3 is vulnerable to SQL Injection — Houzez - Real Estate WordPress ThemeCWE-89 8.2 High2023-12-20
CVE-2023-36529 WordPress Houzez CRM Plugin <= 1.3.4 is vulnerable to SQL Injection — Houzez - Real Estate WordPress ThemeCWE-89 9.8 -2023-11-03

This page lists every published CVE security advisory associated with favethemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.