Wp-property-hive

Propertyhive

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-12585

Exploit
  • EPSS 0.02%
  • Veröffentlicht 08.01.2025 06:15:16
  • Zuletzt bearbeitet 14.05.2025 15:42:36

The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

4.3

CVE-2024-37204

  • EPSS 0.1%
  • Veröffentlicht 01.11.2024 15:15:20
  • Zuletzt bearbeitet 29.01.2025 20:18:25

Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9.

6.5

CVE-2024-8490

  • EPSS 0.05%
  • Veröffentlicht 17.09.2024 08:15:02
  • Zuletzt bearbeitet 27.09.2024 18:36:00

The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for un...

5.4

CVE-2024-35701

  • EPSS 0.12%
  • Veröffentlicht 08.06.2024 15:15:53
  • Zuletzt bearbeitet 21.11.2024 09:20:41

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.13.

5.4

CVE-2024-34381

  • EPSS 0.18%
  • Veröffentlicht 06.05.2024 19:15:09
  • Zuletzt bearbeitet 31.01.2025 18:15:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.10.

4.3

CVE-2024-3607

  • EPSS 0.2%
  • Veröffentlicht 02.05.2024 17:15:28
  • Zuletzt bearbeitet 04.02.2025 17:08:57

The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, wit...

8.8

CVE-2024-27985

  • EPSS 0.44%
  • Veröffentlicht 11.04.2024 01:25:07
  • Zuletzt bearbeitet 28.01.2025 21:17:20

Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.9.

6.1

CVE-2024-29923

  • EPSS 0.27%
  • Veröffentlicht 27.03.2024 08:15:39
  • Zuletzt bearbeitet 31.01.2025 18:23:56

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Reflected XSS.This issue affects PropertyHive: from n/a through 2.0.8.

6.5

CVE-2024-24718

  • EPSS 0.13%
  • Veröffentlicht 26.03.2024 12:15:49
  • Zuletzt bearbeitet 31.01.2025 18:23:45

Missing Authorization vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.6.

9.8

CVE-2024-23513

  • EPSS 0.54%
  • Veröffentlicht 12.02.2024 08:15:40
  • Zuletzt bearbeitet 21.11.2024 08:57:51

Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5.