28
Feb
The company that has developed the theme was made aware of attacks that were being carried out in the wild and has provided updates to the theme and login register. The theme that is not vulnerable to this bug is version 2.7.2 and later, which will prevent the first vulnerability. The second vulnerability can be mitigated by ensuring the login register is running version 2.6.4 or later. Anyone running the Houzez theme and plugin should ensure that they are updated past the vulnerable version to prevent themselves from becoming a victim of this attack.
https://www.bleepingcomputer.com/news/security/critical-flaws-in-wordpress-houzez-theme-exploited-to-hijack-websites/
