Hive Support
by WordPress
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-52370 | Cri | 0.64 | 9.9 | 0.00 | Nov 14, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.This issue affects Hive Support: from n/a through <= 1.1.1. | ||
| CVE-2024-54304 | Hig | 0.55 | 8.5 | 0.00 | Dec 13, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support hive-support allows SQL Injection.This issue affects Hive Support: from n/a through <= 1.1.2. | ||
| CVE-2025-32635 | Hig | 0.49 | 7.5 | 0.00 | Apr 17, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support hive-support allows Retrieve Embedded Sensitive Data.This issue affects Hive Support: from n/a through <= 1.2.6. | ||
| CVE-2025-32666 | Hig | 0.46 | 7.1 | 0.00 | Apr 17, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Reflected XSS.This issue affects Hive Support: from n/a through <= 1.2.5. | ||
| CVE-2025-32242 | Med | 0.42 | 6.5 | 0.00 | Apr 10, 2025 | Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hive Support: from n/a through <= 1.2.5. | ||
| CVE-2025-32214 | Med | 0.42 | 6.5 | 0.00 | Apr 10, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Stored XSS.This issue affects Hive Support: from n/a through <= 1.2.11. | ||
| CVE-2025-32208 | Med | 0.42 | 6.5 | 0.00 | Apr 10, 2025 | Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through <= 1.2.5. | ||
| CVE-2025-5018 | Hig | 0.39 | 7.1 | 0.00 | Jun 6, 2025 | The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.5. This makes it… | ||
| CVE-2025-5019 | Med | 0.28 | 5.4 | 0.00 | Jun 6, 2025 | The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the… | ||
| CVE-2025-22298 | Med | 0.28 | 4.3 | 0.00 | Jan 7, 2025 | Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through <= 1.1.6. | ||
| CVE-2024-54321 | Med | 0.28 | 4.3 | 0.00 | Dec 13, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery.This issue affects Hive Support: from n/a through <= 1.1.2. |
- risk 0.64cvss 9.9epss 0.00
Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.This issue affects Hive Support: from n/a through <= 1.1.1.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support hive-support allows SQL Injection.This issue affects Hive Support: from n/a through <= 1.1.2.
- risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support hive-support allows Retrieve Embedded Sensitive Data.This issue affects Hive Support: from n/a through <= 1.2.6.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Reflected XSS.This issue affects Hive Support: from n/a through <= 1.2.5.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hive Support: from n/a through <= 1.2.5.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Stored XSS.This issue affects Hive Support: from n/a through <= 1.2.11.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through <= 1.2.5.
- risk 0.39cvss 7.1epss 0.00
The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.5. This makes it…
- risk 0.28cvss 5.4epss 0.00
The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through <= 1.1.6.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery.This issue affects Hive Support: from n/a through <= 1.1.2.