Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
| | 2 | 14 | 0 | 32.2% | CRITICAL |

Related CVEs

14
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2025-0808 | The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the "deleteexport" action. This makes it possible for unauthenticated attackers to delete property feed exports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | MEDIUM | 5.4 | | 4.7% | Feb 12, 2025 |
| CVE-2024-12585 | The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | MEDIUM | 6.1 | | 44.2% | Jan 8, 2025 |
| CVE-2024-37204 | Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PropertyHive: from n/a through 2.0.9. | MEDIUM | 4.3 | | 30.0% | Nov 1, 2024 |
| CVE-2024-8490 | The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | MEDIUM | 6.5 | | 25.4% | Sep 17, 2024 |
| CVE-2024-35701 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.0.13. | MEDIUM | 5.4 | | 17.4% | Jun 8, 2024 |
| CVE-2024-34381 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.0.10. | MEDIUM | 5.4 | | 24.9% | May 6, 2024 |
| CVE-2024-3607 | The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts | MEDIUM | 4.3 | | 45.2% | May 2, 2024 |
| CVE-2024-27985 | Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.9. | HIGH | 8.8 | | 29.4% | Apr 11, 2024 |
| CVE-2024-29923 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Reflected XSS. This issue affects PropertyHive: from n/a through 2.0.8. | MEDIUM | 6.1 | | 31.6% | Mar 27, 2024 |
| CVE-2024-24718 | Missing Authorization vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.6. | MEDIUM | 6.5 | | 23.8% | Mar 26, 2024 |
| CVE-2024-23513 | Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5. | CRITICAL | 9.8 | | 40.1% | Feb 12, 2024 |
| CVE-2023-22706 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.48 versions. | MEDIUM | 6.1 | | 30.1% | May 15, 2023 |
| CVE-2023-29172 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions. | MEDIUM | 6.1 | | 30.1% | Apr 7, 2023 |
| CVE-2018-6465 | The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php. | NONE | | | 73.6% | Jan 31, 2018 |