CVE-2025-62053: 
WordPress vulnerability analysis and mitigation

A Local File Inclusion vulnerability was discovered in WordPress Houzez Theme versions prior to 4.2.0, identified as CVE-2025-62053. The vulnerability was disclosed on October 16, 2025, and was discovered by security researcher João Pedro S Alcântara (Kinorth). This high-severity vulnerability affects all installations of the Houzez WordPress theme running versions below 4.2.0 (Patchstack).

The vulnerability is classified as a Local File Inclusion (LFI) issue with a CVSS score of 8.1, indicating high severity. This security flaw allows unauthenticated attackers to include and view local files from the target website's system. The vulnerability could potentially expose sensitive information, including configuration files containing database credentials (Patchstack).

The vulnerability could allow malicious actors to access and view sensitive local files on the affected website. This could potentially lead to the exposure of critical configuration files, including those containing database credentials, which could result in a complete database compromise depending on the server configuration (Patchstack).

The vulnerability has been patched in version 4.2.0 of the Houzez theme. Website administrators are strongly advised to update to version 4.2.0 or later immediately. Additionally, Patchstack has issued a mitigation rule to block potential attacks until users can update to the fixed version (Patchstack).