WordPress Houzez CRM Plugin <= 1.3.4 is vulnerable to SQL Injection
CVE-2023-36529
9.8CRITICAL
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 3 November 2023
What is CVE-2023-36529?
The Favethemes Houzez Real Estate WordPress Theme is susceptible to an SQL Injection vulnerability due to improper neutralization of special elements within SQL commands. This flaw allows attackers to inject malicious SQL statements, potentially compromising the database's integrity and retrieving sensitive information. The vulnerability impacts versions from n/a to 1.3.4, highlighting the need for immediate attention and security updates to maintain a secure web environment.
Affected Version(s)
Houzez - Real Estate WordPress Theme <= 1.3.4