CVE-2025-53198: 
WordPress vulnerability analysis and mitigation

The vulnerability identified as CVE-2025-53198 affects the WordPress Houzez theme versions 4.0.4 and below. This security flaw was discovered by Tran Nguyen Bao Khanh from VCI - VNPT Cyber Immunity and was publicly disclosed on July 1, 2025. The vulnerability is classified as an Unauthenticated Local File Inclusion issue with a high CVSS score of 8.1 (Patchstack).

The vulnerability is categorized under the OWASP Top 10 category A3: Injection and is specifically classified as a Local File Inclusion vulnerability. The issue received a CVSS score of 8.1, indicating its high severity. The vulnerability affects the Houzez WordPress theme and requires no authentication to exploit, making it particularly dangerous (Patchstack).

This Local File Inclusion vulnerability could enable malicious actors to include and display local files from the target website. Of particular concern is the potential access to files containing sensitive information such as database credentials, which could lead to a complete database compromise depending on the system configuration (Patchstack).

The vulnerability has been patched in version 4.0.8 of the Houzez theme. Users are strongly advised to update to version 4.0.8 or later immediately. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).