Vulnerabilities Found in Popular Houzez Theme and Plugin – Imran Rasheed
Two security vulnerabilities have been discovered in the Houzez WordPress theme and its companion Houzez Login Register plugin, a pairing widely used on real estate sites that has recorded 46,000 sales.
Discovered by Patchstack, the flaws, now patched, could allow unauthenticated attackers to escalate their privileges and potentially take over entire WordPress sites.
The primary issue was an unauthenticated privilege escalation vulnerability in the Houzez theme. It allowed an unauthenticated visitor to gain elevated privileges by sending crafted HTTP requests to the theme's request handlers.
The vulnerability stemmed from inadequate authorization checks in the code that processes user input. Specifically, the function responsible for password resets did not verify that the user requesting the reset owned the target account, so anyone could change any user's password. The flaw has been assigned CVE-2024-22303.
“The page included a nonce check, but any user with a Subscriber role can fetch the nonce, and if the plugin enables registration, anyone could register to get the nonce token,” PatchStack explained.
The Houzez Login Register plugin exhibited a similar weakness: it allowed unauthenticated users to modify the email address associated with any user account, which could lead to account takeover. This vulnerability has been designated CVE-2024-21743. The plugin's function for updating user information lacked proper authorization checks, so exploitation required no special access.
To address both vulnerabilities, the vendor has released updates for the Houzez theme and the Login Register plugin and urges users to upgrade to version 3.3.0 or higher. The updates add stricter role checks and remove the vulnerable function from the plugin. Administrators should verify the installed version of both components, not just one of them, since the theme and the plugin were each affected.
“Supplying user input to functions like wp_update_user(), update_user_meta() or similar functions should only be allowed under strict whitelisting options,” Patchstack warned. “Otherwise, the values should be checked and set by the vendor according to the right privilege levels.”
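The pattern behind both flaws, a nonce-protected handler that still lets the caller pick the target account and pass arbitrary fields to wp_update_user(), is easy to reproduce in a few lines. The following WordPress AJAX handler is an added illustration written for this article, not Houzez or Patchstack code: the `acme_*` function and action names are invented, and the vulnerable and hardened versions are shown side by side. It uses only stock WordPress APIs (check_ajax_referer, get_current_user_id, current_user_can, wp_update_user and friends).

```php
<?php
/*
 * Illustrative WordPress AJAX "update profile" endpoint (hypothetical, not Houzez code).
 * Shows why a nonce check alone is not authorization, and what a whitelisted
 * update looks like. All acme_* names are invented for this example.
 */

/* VULNERABLE PATTERN
 * - The nonce only proves the request came from a page that rendered the form.
 *   Any Subscriber (or anyone, if registration is open) can fetch a nonce.
 * - user_id comes from the attacker, so the victim is freely chosen.
 * - Every POST field is copied into wp_update_user(): user_email, user_pass,
 *   even 'role' can be rewritten. The nopriv hook exposes it to logged-out callers.
 */
function acme_update_profile_vulnerable() {
    check_ajax_referer( 'acme-profile', 'security' );   // CSRF token, NOT an access check

    $data = array( 'ID' => intval( $_POST['user_id'] ) ); // attacker-controlled target
    foreach ( $_POST as $key => $value ) {                // no whitelist of fields
        $data[ $key ] = $value;
    }
    wp_update_user( $data );                              // email/password/role of any user
    wp_send_json_success();
}
add_action( 'wp_ajax_acme_update_profile', 'acme_update_profile_vulnerable' );
add_action( 'wp_ajax_nopriv_acme_update_profile', 'acme_update_profile_vulnerable' );

/* HARDENED PATTERN
 * - Require a logged-in caller; no nopriv hook.
 * - The target is the caller's own account unless they hold edit_user for the target.
 * - Only explicitly whitelisted, validated fields reach wp_update_user().
 * - A password change demands the current password, not just an account id.
 */
function acme_update_profile_hardened() {
    check_ajax_referer( 'acme-profile', 'security' );

    $current = get_current_user_id();
    if ( ! $current ) {
        wp_send_json_error( 'login required', 401 );
    }

    // Authorization: act on self, or prove a capability over the chosen target.
    $target = isset( $_POST['user_id'] ) ? intval( $_POST['user_id'] ) : $current;
    if ( $target !== $current && ! current_user_can( 'edit_user', $target ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Whitelist: these are the ONLY keys ever passed on. 'role', 'user_login',
    // 'user_pass' from raw input are deliberately ignored.
    $data = array( 'ID' => $target );

    if ( isset( $_POST['display_name'] ) ) {
        $data['display_name'] = sanitize_text_field( wp_unslash( $_POST['display_name'] ) );
    }

    if ( isset( $_POST['user_email'] ) ) {
        $email    = sanitize_email( wp_unslash( $_POST['user_email'] ) );
        $owner_id = email_exists( $email ); // user ID that already has this email, or false
        if ( ! is_email( $email ) || ( $owner_id && (int) $owner_id !== $target ) ) {
            wp_send_json_error( 'invalid or already used email', 400 );
        }
        $data['user_email'] = $email;
    }

    if ( ! empty( $_POST['new_password'] ) ) {
        $user    = get_userdata( $target );
        $present = isset( $_POST['current_password'] ) ? (string) $_POST['current_password'] : '';
        // Only the account owner may change the password here, and must re-authenticate.
        if ( $target !== $current || ! $user || ! wp_check_password( $present, $user->user_pass, $target ) ) {
            wp_send_json_error( 'current password required', 403 );
        }
        $data['user_pass'] = (string) $_POST['new_password']; // hashed by wp_update_user()
    }

    $result = wp_update_user( $data );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'updated' => array_keys( $data ) ) );
}
add_action( 'wp_ajax_acme_update_profile_safe', 'acme_update_profile_hardened' );
// Intentionally no wp_ajax_nopriv_ registration for the hardened handler.
```

The point to carry away is the separation of concerns: check_ajax_referer() answers "did this request originate from our page?", while get_current_user_id() plus current_user_can() answer "is this caller allowed to touch this account?". A handler that only asks the first question, as both Houzez components did, is reachable by anyone who can register or already holds a Subscriber account.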
Imran Rasheed is a Chief Information Security Officer dedicated to developing innovative solutions for organizations and governments through his expertise. He has worked in blue-chip companies and has experience across several areas of the finance sector. He also mentors young professionals in his free time to help them achieve their career goals and dreams.