Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Propertyhive
(Wp\-Property\-Hive)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-12 | CVE-2024-23513 | Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5. | Propertyhive | 9.8 | ||
| 2024-09-17 | CVE-2024-8490 | The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | Propertyhive | 6.5 | ||
| 2024-06-08 | CVE-2024-35701 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.13. | Propertyhive | 5.4 | ||
| 2023-04-07 | CVE-2023-29172 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions. | Propertyhive | 6.1 | ||
| 2023-05-15 | CVE-2023-22706 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.48 versions. | Propertyhive | 6.1 | ||
| 2018-01-31 | CVE-2018-6465 | The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php. | Propertyhive | 6.1 |