Hive Support

Source repositories

https://plugins.svn.wordpress.org/hive-support/

CVEs (8)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-52370	Cri	0.64	9.9	0.01	Nov 14, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.This issue affects Hive Support: from n/a through <= 1.1.1.
CVE-2024-54304	Hig	0.55	8.5	0.00	Dec 13, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support hive-support allows SQL Injection.This issue affects Hive Support: from n/a through <= 1.1.2.
CVE-2025-5018	Hig	0.46	7.1	0.00	Jun 6, 2025	The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the site’s OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242.
CVE-2025-32242	Med	0.42	6.5	0.00	Apr 10, 2025	Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hive Support: from n/a through <= 1.2.5.
CVE-2025-32214	Med	0.42	6.5	0.00	Apr 10, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Stored XSS.This issue affects Hive Support: from n/a through <= 1.2.11.
CVE-2025-5019	Med	0.35	5.4	0.00	Jun 6, 2025	The Hive Support \| AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings() function. This makes it possible for unauthenticated attackers to reconfigure the plugin’s AI/chat settings (including API keys) and to potentially redirect notifications or leak data to attacker-controlled endpoints via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-22298	Med	0.28	4.3	0.00	Jan 7, 2025	Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through <= 1.1.6.
CVE-2024-54321	Med	0.28	4.3	0.00	Dec 13, 2024	Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery.This issue affects Hive Support: from n/a through <= 1.1.2.

CVE-2024-52370CriNov 14, 2024
risk 0.64cvss 9.9epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.This issue affects Hive Support: from n/a through <= 1.1.1.
CVE-2024-54304HigDec 13, 2024
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support hive-support allows SQL Injection.This issue affects Hive Support: from n/a through <= 1.1.2.
CVE-2025-5018HigJun 6, 2025
risk 0.46cvss 7.1epss 0.00
The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the site’s OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242.
CVE-2025-32242MedApr 10, 2025
risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hive Support: from n/a through <= 1.2.5.
CVE-2025-32214MedApr 10, 2025
risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Stored XSS.This issue affects Hive Support: from n/a through <= 1.2.11.
CVE-2025-5019MedJun 6, 2025
risk 0.35cvss 5.4epss 0.00
The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings() function. This makes it possible for unauthenticated attackers to reconfigure the plugin’s AI/chat settings (including API keys) and to potentially redirect notifications or leak data to attacker-controlled endpoints via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-22298MedJan 7, 2025
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through <= 1.1.6.
CVE-2024-54321MedDec 13, 2024
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery.This issue affects Hive Support: from n/a through <= 1.1.2.