Cross-site Scripting Vulnerability in Houzez Theme Functionality by Favethemes
CVE-2025-62058

Currently unrated

Key Information:

Vendor

WordPress
Status
Houzez Theme - Functionality
Vendor
CVE Published:
22 October 2025

What is CVE-2025-62058?

The vulnerability in Houzez Theme Functionality arises from inadequate input neutralization during web page generation, leading to potential cross-site scripting attacks. This flaw can enable malicious users to inject malicious scripts into web pages viewed by other users, compromising sensitive information and user trust. Affected versions range from n/a to below 4.2.0, making it crucial for users to update to the latest version to mitigate risks.

Affected Version(s)

Houzez Theme - Functionality <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/houz...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)
JSON
.
CVE-2025-62058 : Cross-site Scripting Vulnerability in Houzez Theme Functionality by Favethemes