CVE-2026-13357 | propertyhive Houzez Property Feed Plugin up to 2.5.46 on WordPress prepare_items orderby sql injection
A vulnerability classified as critical has been found in propertyhive Houzez Property Feed Plugin up to 2.5.46 on WordPress. This affects the function prepare_items. Performing a manipulation of the argument orderby results in sql injection.
This vulnerability is identified as CVE-2026-13357. The attack can be initiated remotely. There is not any exploit available.
It is recommended to upgrade the affected component.VulDB Recent EntriesRead More