Remote File Inclusion Vulnerability in Houzez Theme from Favethemes
CVE-2025-62054

Currently unrated

Key Information:

Vendor

WordPress
Status
Houzez Theme - Functionality
Vendor
CVE Published:
22 October 2025

What is CVE-2025-62054?

A vulnerability exists in Houzez Theme - Functionality due to improper control of filenames in the PHP Include/Require statements. This flaw may allow an attacker to perform Remote File Inclusion, potentially leading to unauthorized access to sensitive files or execution of malicious code on the server. Websites using this theme version 4.1.8 or earlier are particularly at risk, highlighting the necessity for prompt updates and security measures.

Affected Version(s)

Houzez Theme - Functionality <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/houz...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)
JSON
.
CVE-2025-62054 : Remote File Inclusion Vulnerability in Houzez Theme from Favethemes