Wp Property Hive

wp-property-hive

14 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Houzez Property Feed

houzez_property_feed

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-0808 1Wp Property Hive 1Houzez Property Feed Feb 25, 2025 Feb 12, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. T...Show more The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed exports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-12585 1Wp Property Hive 1Propertyhive May 14, 2025 Jan 8, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users...Show more The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.Show less
CVE-2024-37204 1Wp Property Hive 1Propertyhive Jan 29, 2025 Nov 1, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9.
CVE-2024-8490 1Wp Property Hive 1Propertyhive Sep 27, 2024 Sep 17, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function....Show more The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-35701 1Wp Property Hive 1Propertyhive Nov 21, 2024 Jun 8, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.13.
CVE-2024-34381 1Wp Property Hive 1Propertyhive Apr 28, 2026 May 6, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.10.
CVE-2024-3607 1Wp Property Hive 1Propertyhive Apr 8, 2026 May 2, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible fo...Show more The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary postsShow less
CVE-2024-27985 1Wp Property Hive 1Propertyhive Apr 28, 2026 Apr 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.9.
CVE-2024-29923 1Wp Property Hive 1Propertyhive Apr 28, 2026 Mar 27, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Reflected XSS.This issue affects PropertyHive: from n/a through 2.0.8.
CVE-2024-24718 1Wp Property Hive 1Propertyhive Apr 28, 2026 Mar 26, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.6.
CVE-2024-23513 1Wp Property Hive 1Propertyhive Apr 28, 2026 Feb 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5.
CVE-2023-22706 1Wp Property Hive 1Propertyhive Nov 21, 2024 May 15, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.48 versions.
CVE-2023-29172 1Wp Property Hive 1Propertyhive Nov 21, 2024 Apr 7, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions.
CVE-2018-6465 1Wp Property Hive 1Propertyhive Jun 17, 2026 Jan 31, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.