CVE-2025-24747: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in Houzez.co Houzez theme, affecting versions through 3.4.0. The vulnerability was disclosed on January 27, 2025, and was assigned CVE-2025-24747. This security issue impacts the WordPress theme's functionality and has been classified with a CVSS v3.1 Base Score of 5.3 (Medium) (NVD, Patchstack).

The vulnerability is categorized as CWE-862 (Missing Authorization) and received a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, and requires no user interaction (NVD).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to missing authorization checks. The impact is considered low severity, though it could potentially lead to unauthorized access to privileged functions (Patchstack).

Users are advised to update to version 3.4.2 or later to address this vulnerability. The fix has been implemented in the updated version, and given the low severity of the issue, immediate patching, while recommended, is not considered critical (Patchstack).