Missing Authorization Vulnerability in Houzez Theme by Favethemes
CVE-2025-49406

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Houzez
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-49406?

A missing authorization flaw in the Houzez theme by Favethemes permits users to access functionalities that are not adequately restricted by Access Control Lists (ACLs). This issue enables unauthorized actions, posing a significant security risk to affected installations, versions ranging from n/a to 4.1.1. Website administrators are urged to apply the latest updates and review user permissions to mitigate potential exploits.

Affected Version(s)

Houzez <= 4.1.1

References

https://patchstack.com/database/wordpress/theme/houzez/vu...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

Rafie Muhammad (Patchstack)

WordPress

What is CVE-2025-49406?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit