Published on 28 Feb 2023 | Updated on 28 Feb 2023
There have been recent reports of active exploitation of two critical vulnerabilities (CVE-2023-26540 and CVE-2023-26009) affecting Houzez, a WordPress plugin. Both vulnerabilities have a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain admin privileges and take full control of the affected website.
The following versions of the Houzez plugin are affected:
Users and administrators of affected product versions are advised to upgrade to the latest version immediately.
More information is available here: