CVE-2025-53997: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in favethemes Houzez WordPress theme, affecting versions up to 4.0.4. The vulnerability was reported on June 11, 2025, and publicly disclosed on July 16, 2025. This security issue has been assigned CVE-2025-53997 and relates to broken access control, allowing potential exploitation of incorrectly configured access control security levels (Patchstack).

The vulnerability has been classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 Base Score of 4.3 (Medium). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating that the vulnerability requires network access and low privileges to exploit, with no user interaction needed. The impact primarily affects integrity with low severity (Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to broken access control mechanisms. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited in most scenarios (Patchstack).

The vulnerability has been fixed in Houzez theme version 4.1.1. Users are advised to update to version 4.1.1 or later to remove the vulnerability. Due to the low severity impact, virtual patching has been deemed unnecessary (Patchstack).