Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

PropertyHive

Source -

CNA

CNA CVEs -

14

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
14Vulnerabilities found
CVE-2026-42729
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 11.20%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 09:49
Updated-27 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through <= 2.2.2.

Action-Not Available
Vendor-Property Hive
Product-PropertyHive
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-66088
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.53%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 07:22
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.

Action-Not Available
Vendor-Property Hive
Product-PropertyHive
CWE ID-CWE-862
Missing Authorization
CVE-2025-66087
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.02%
||
7 Day CHG~0.00%
Published-21 Nov, 2025 | 12:29
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.

Action-Not Available
Vendor-Property Hive
Product-PropertyHive
CWE ID-CWE-862
Missing Authorization
CVE-2025-58612
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.98%
||
7 Day CHG~0.00%
Published-03 Sep, 2025 | 14:36
Updated-12 May, 2026 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive Plugin <= 2.1.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Stored XSS.This issue affects PropertyHive: from n/a through <= 2.1.5.

Action-Not Available
Vendor-Property Hive
Product-PropertyHive
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-39577
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.13%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows Stored XSS.This issue affects PropertyHive: from n/a through <= 2.1.2.

Action-Not Available
Vendor-Property Hive
Product-PropertyHive
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-37204
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.71%
||
7 Day CHG+0.06%
Published-01 Nov, 2024 | 14:18
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9.

Action-Not Available
Vendor-wp-property-hivePropertyHive
Product-propertyhivePropertyHive
CWE ID-CWE-862
Missing Authorization
CVE-2024-35701
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:16
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.0.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.13.

Action-Not Available
Vendor-wp-property-hivePropertyHivepropertyhive
Product-propertyhivePropertyHivepropertyhive
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34381
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.69%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 18:23
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.10.

Action-Not Available
Vendor-wp-property-hivePropertyHivepropertyhive
Product-propertyhivePropertyHivepropertyhive
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29923
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.84%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 07:20
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Reflected XSS.This issue affects PropertyHive: from n/a through 2.0.8.

Action-Not Available
Vendor-wp-property-hivePropertyHivepropertyhive
Product-propertyhivePropertyHivepropertyhive_wordpress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-24718
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 31.90%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 11:33
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.0.6 - Missing Authorization to Non-Arbitrary Plugin Installation vulnerability

Missing Authorization vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.6.

Action-Not Available
Vendor-wp-property-hivePropertyHive
Product-propertyhivePropertyHive
CWE ID-CWE-862
Missing Authorization
CVE-2024-27985
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.44% / 63.89%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 15:18
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive plugin <= 2.0.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.9.

Action-Not Available
Vendor-wp-property-hivePropertyHivepropertyhive
Product-propertyhivePropertyHivepropertyhive
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-23513
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.7||HIGH
EPSS-0.54% / 68.20%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 07:53
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive Plugin <= 2.0.5 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5.

Action-Not Available
Vendor-wp-property-hivePropertyHive
Product-propertyhivePropertyHive
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-22706
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 42.13%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 11:05
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive Plugin <= 1.5.48 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.48 versions.

Action-Not Available
Vendor-wp-property-hivePropertyHive
Product-propertyhivePropertyHive
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29172
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.20% / 42.13%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 14:16
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions.

Action-Not Available
Vendor-wp-property-hivePropertyHive
Product-propertyhivePropertyHive
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')