CVE-2025-9163 | Houzez Plugin up to 4.1.6 on WordPress SVG File houzez_property_img_upload cross site scripting

Inserito da Angelo Barbosa | Nov 26, 2025 | CVE

A vulnerability categorized as problematic has been discovered in Houzez Plugin up to 4.1.6 on WordPress. Affected by this vulnerability is the function houzez_property_img_upload of the component SVG File Handler. Executing manipulation can lead to cross site scripting.

This vulnerability is handled as CVE-2025-9163. The attack can be executed remotely. There is not any exploit available.

CVE-2025-9163 | Houzez Plugin up to 4.1.6 on WordPress SVG File houzez_property_img_upload cross site scripting

Post correlati

CVE-2024-44872 | moziloCMS 3.0 cross site scripting

CVE-2024-11616 | Netskope Endpoint DLP 118.0.0; 0 Content Control Driver RtlCopyMemory NumberOfBytes out-of-bounds (kpsa-2024-003)

CVE-2023-32666 | Intel Xeon unknown vulnerability (intel-sa-00986)

CVE-2024-57942 | Linux Kernel up to 6.12.9 netfs_unlock_read_folio information disclosure