U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:wp-property-hive:propertyhive:1.1.11:*:*:*:*:wordpress:*:*
  • CPE Name Search: true
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity
CVE-2024-8490

The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Published: September 17, 2024; 4:15:02 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-35701

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.13.

Published: June 08, 2024; 11:15:53 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2024-23513

Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5.

Published: February 12, 2024; 3:15:40 AM -0500 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-22706

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.48 versions.

Published: May 15, 2023; 8:15:09 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-29172

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions.

Published: April 07, 2023; 11:15:08 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2018-6465

The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.

Published: January 31, 2018; 1:29:00 PM -0500 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM