What the vulnerability does
01Description
Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.
Explanation of Vulnerability in Simple Terms
Houzez versions up to 4.1.1 lack proper authorization checks, allowing authenticated users with low privileges to access sensitive information and disrupt site availability. An attacker with a basic user account can read confidential data across the application and trigger denial-of-service conditions. The vulnerability affects the entire system scope, not just isolated components.
What an attacker can do
Read sensitive data and cause service disruption with a low-privilege user account.
Potential impact on your site
Confidential data exposed to any registered user; site availability at risk from authenticated attackers.
Conditions required to exploit
Attacker must have a valid low-privilege user account; no user interaction required.
Key dates
External resources