Thousands of WordPress sites have been exposed to potential threats due to vulnerabilities in the Houzez theme and WordPress Houzez Login Register plugin.
The flaw is identified as CVE-2024-22303 and CVE-2024-21743. It affects versions up to 3.2.4 and 3.2.5 and is classified as a high-priority issue with a CVSS score of 8.8, indicating significant risk.
CVE-2024-22303 – WordPress Houzez Theme Vulnerability
The vulnerabilityallows privilege escalation, enabling malicious actors to elevate their access from low-privileged accounts to higher privileges.
This could potentially lead to complete control over the affected website. The issue is categorized under the OWASP Top 10 as A5: Security Misconfiguration.
Patch and Mitigation
Patchstackhas released a virtual patch to mitigate this vulnerability until users can update to the fixed version, 3.3.0. Website administrators are strongly advised to update immediately to prevent exploitation.
Details Information Software Houzez Type Theme Vulnerable Versions <= 3.2.4 Fixed in Version 3.3.0 Patch Priority High CVSS Severity High (8.8) Published Date 17 September 2024
CVE-2024-21743 – WordPress Houzez Login Register Plugin
The vulnerability allows for privilege escalation, potentially enabling attackers to elevate their access from a low-privileged account to higher privileges, which could result in complete control over the affected website.
This issue is categorized under the OWASP Top 10 as A5: Security Misconfiguration.
Download Free Incident Response Plan Template for Your Security Team – Free Download
Patch and Mitigation
Patchstack has provided a virtual patch to mitigate this vulnerability until users can update to the fixed version, 3.3.0. Website administrators must update immediately to prevent potential exploitation.
Details Information Software Houzez Login Register Type Plugin Vulnerable Versions <= 3.2.5 Fixed in Version 3.3.0 Patch Priority High CVSS Severity High (8.8) Published Date 17 September 2024
Risks and Recommendations
The vulnerability’s high severity suggests it could be widely exploited if not addressed promptly. Administrators should prioritize updating their sites to version 3.3.0 or later and consider using Patchstack for automatic mitigation.
This incident highlights the importance of maintaining up-to-date software and implementing robust security measures to protect digital assets from evolving threats.
