Gandalf_The_Grey
Hackers are actively exploiting two critical-severity vulnerabilities in the Houzez theme and plugin for WordPress, two premium add-ons used primarily in real estate websites.
The Houzez theme is a premium plugin that costs $69, offering easy listing management and a smooth customer experience. The vendor's site claims it is serving over 35,000 customers in the real estate industry.
The two vulnerabilities were discovered by Patchstack's threat researcher Dave Jong and reported to the theme's vendor, 'ThemeForest,' with one flaw fixed in version 2.6.4 (August 2022) and the other in version 2.7.2 (November 2022).
However, a new Patchstack report warns that some websites have not applied the security update, and threat actors actively exploit these older flaws in ongoing attacks.
“The vulnerability in the theme and plugin is currently exploited in the wild and have seen a large number of attacks from the IP address 103.167.93.138 at the time of writing.” - Patchstack.
Critical flaws in WordPress Houzez theme exploited to hijack websites
www.bleepingcomputer.com