Remote File Inclusion Vulnerability in Houzez Theme by Favethemes
CVE-2025-62053

Currently unrated

Key Information:

Vendor

WordPress
Status
Houzez
Vendor
CVE Published:
6 November 2025

What is CVE-2025-62053?

The Houzez theme from Favethemes contains a vulnerability related to improper control over filenames in include/require statements. This PHP Remote File Inclusion issue can potentially allow attackers to execute arbitrary code or access sensitive files, compromising the security of websites using versions prior to 4.2.0. Website administrators are urged to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Houzez <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/houze...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-62053 : Remote File Inclusion Vulnerability in Houzez Theme by Favethemes