Browse all 5 CVE security advisories affecting Property Hive. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Property Hive is a WordPress plugin designed for real estate management, enabling property listings and agency operations. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls. The plugin maintains five CVE records, with issues ranging from arbitrary parameter manipulation to authenticated privilege escalations affecting both site administrators and potential attackers. While no major public security incidents have been widely documented, its vulnerability history underscores the importance of regular updates and input sanitization in real estate web applications handling sensitive property and user data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66088 | WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability — PropertyHiveCWE-862 | 7.5 | High | 2025-12-18 |
| CVE-2025-66087 | WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability — PropertyHiveCWE-862 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-58612 | WordPress PropertyHive Plugin <= 2.1.5 - Cross Site Scripting (XSS) Vulnerability — PropertyHiveCWE-79 | 6.5 | Medium | 2025-09-03 |
| CVE-2025-39577 | WordPress PropertyHive plugin <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability — PropertyHiveCWE-79 | 6.5 | Medium | 2025-04-16 |
| CVE-2025-30793 | WordPress Houzez Property Feed plugin <= 2.5.4 - Arbitrary File Download Vulnerability — Houzez Property FeedCWE-22 | 7.5 | High | 2025-04-01 |
This page lists every published CVE security advisory associated with Property Hive. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.