Updated: 02.27.2023
PSA: Houzez Theme Unauthenticated Privilege Escalation Vulnerability Exploited in The Wild
from patchstack

The Houzez theme is a premium theme sold on ThemeForest and has over 35,000 sales. It’s described as a theme specifically designed for the real estate industry. It offers easy-to-use tools that will allow you to manage your agency’s content and listings, while providing the best possible experience for your clients.

We have been tracking exploits targeting a critical severity unauthenticated privilege escalation vulnerability in this theme and its related plugin.

The vulnerability

These vulnerabilities were discovered by Dave Jong and responsibly disclosed to the plugin developer. They have since been fixed, as can be seen in the vulnerability database entries linked below.

Houzez Theme Vulnerability <= 2.7.1, fixed in 2.7.2
WordPress Houzez theme <= 2.7.1 – Privilege Escalation – Patchstack

Houzez Login Register Vulnerability <= 2.6.3, fixed in 2.6.4
WordPress Houzez Login Register plugin <= 2.6.3 – Privilege Escalation – Patchstack

The privilege escalation vulnerability is located in the theme itself and one of its plugins. The theme itself provides registration functionality (must be turned on in the settings) which also allows the user to provide the user role they want to sign up with. Unfortunately, this could be set to administrator to instantly get administrator privileges on the WordPress site.

The same vulnerability exists in the Houzez Login Register plugin.
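As an added illustration, not code from the Houzez theme or its plugin, the hypothetical WordPress registration handler below shows the defect class described above (a client-supplied role passed straight into user creation) beside a hardened version that only honours a server-side allowlist. The function names, the nonce action and the `user_role` request field are assumptions.

```php
<?php
// Added example (hypothetical, not the Houzez code): two AJAX registration
// handlers. Function names, nonce action and the 'user_role' field are assumed.

// VULNERABLE pattern: the role comes verbatim from the request, so an
// unauthenticated visitor decides which role the new account receives.
function example_register_vulnerable() {
    $email = sanitize_email( $_POST['email'] ?? '' );
    $role  = sanitize_text_field( $_POST['user_role'] ?? 'subscriber' );

    $user_id = wp_insert_user( array(
        'user_login' => $email,
        'user_email' => $email,
        'user_pass'  => wp_generate_password(),
        'role'       => $role, // client-controlled privilege: the bug
    ) );
    wp_send_json_success( array( 'user_id' => $user_id ) );
}

// Server-side allowlist of roles a self-service sign-up may choose. It must
// never contain a role with privileged capabilities (edit_users, etc.).
function example_allowed_signup_roles() {
    return apply_filters( 'example_allowed_signup_roles', array( 'subscriber' ) );
}

// HARDENED pattern: registration must be enabled, the request must carry a
// valid nonce, and a requested role is used only if it is on the allowlist;
// anything else falls back to the site's configured default role.
function example_register_hardened() {
    if ( ! get_option( 'users_can_register' ) ) {
        wp_send_json_error( 'Registration is closed.', 403 );
    }
    check_ajax_referer( 'example_register_nonce', 'security' );

    $email = sanitize_email( $_POST['email'] ?? '' );
    if ( ! is_email( $email ) || email_exists( $email ) ) {
        wp_send_json_error( 'Invalid or already registered email.', 400 );
    }

    $requested = sanitize_key( $_POST['user_role'] ?? '' );
    $role      = in_array( $requested, example_allowed_signup_roles(), true )
        ? $requested
        : get_option( 'default_role', 'subscriber' );

    $user_id = wp_insert_user( array(
        'user_login' => $email,
        'user_email' => $email,
        'user_pass'  => wp_generate_password(),
        'role'       => $role, // always an allowlisted or default role
    ) );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'user_id' => $user_id ) );
}
```

Note that the fallback is only as safe as the site's `default_role` setting, so a hardening review should also confirm that option is not set to a privileged role.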

Exploited in the wild

The vulnerability in the theme and plugin is currently being exploited in the wild, and at the time of writing we have seen a large number of attacks from the IP address.

We will keep monitoring exploitation attempts and update this blog if more information becomes available.

Patchstack Pro and Business users are protected from the vulnerability. You can also sign up for the Patchstack Community plan to be notified about vulnerabilities as soon as they are disclosed.
