Medium severity6.5NVD Advisory· Published Jan 22, 2026· Updated Apr 28, 2026
CVE-2026-24355
CVE-2026-24355
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a through <= 4.2.6.
Affected products
1- Range: <=4.2.6
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.