Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

PropertyHive — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting PropertyHive. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PropertyHive is a WordPress plugin designed for real estate management, enabling property listings and agent functionality. Historically, it has faced multiple security vulnerabilities, including remote code execution, cross-site scripting, and privilege escalation flaws. The plugin has accumulated 14 CVEs, with several critical issues allowing unauthorized access or complete system compromise. Notable characteristics include improper input validation and insufficient access controls in its core functionality. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities across multiple versions indicates ongoing security challenges that require immediate patching and careful implementation by users.

Top products by PropertyHive: PropertyHive Property Hive Property Hive Stamp Duty Calculator Property Hive Mortgage Calculator Houzez Property Feed
CVE IDTitleCVSSSeverityPublished
CVE-2025-0808 Houzez Property Feed <= 2.4.21 - Cross-Site Request Forgery to Property Feed Export Deletion — Houzez Property FeedCWE-352 4.3 Medium2025-02-12
CVE-2024-12465 Property Hive Stamp Duty Calculator <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting — Property Hive Stamp Duty CalculatorCWE-79 6.4 Medium2024-12-13
CVE-2024-11940 Property Hive Mortgage Calculator <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via price Parameter — Property Hive Mortgage CalculatorCWE-79 6.4 Medium2024-12-10
CVE-2024-37204 WordPress PropertyHive plugin <= 2.0.9 - Broken Access Control vulnerability — PropertyHiveCWE-862 4.3 Medium2024-11-01
CVE-2024-8490 PropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_details — Property HiveCWE-352 8.8 High2024-09-17
CVE-2024-35701 WordPress PropertyHive plugin <= 2.0.13 - Cross Site Scripting (XSS) vulnerability — PropertyHiveCWE-79 6.5 Medium2024-06-08
CVE-2024-34381 WordPress PropertyHive plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability — PropertyHiveCWE-79 6.5 Medium2024-05-06
CVE-2024-3607 PropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion — Property HiveCWE-862 4.3 Medium2024-05-02
CVE-2024-29923 WordPress PropertyHive plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability — PropertyHiveCWE-79 7.1 High2024-03-27
CVE-2024-24718 WordPress PropertyHive plugin <= 2.0.6 - Missing Authorization to Non-Arbitrary Plugin Installation vulnerability — PropertyHiveCWE-862 4.3 Medium2024-03-26
CVE-2024-27985 WordPress PropertyHive plugin <= 2.0.9 - PHP Object Injection vulnerability — PropertyHiveCWE-502 5.4 Medium2024-03-21
CVE-2024-23513 WordPress PropertyHive Plugin <= 2.0.5 is vulnerable to PHP Object Injection — PropertyHiveCWE-502 8.7 High2024-02-12
CVE-2023-22706 WordPress PropertyHive Plugin <= 1.5.48 is vulnerable to Cross Site Scripting (XSS) — PropertyHiveCWE-79 7.1 High2023-05-15
CVE-2023-29172 WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS) — PropertyHiveCWE-79 7.1 High2023-04-07

This page lists every published CVE security advisory associated with PropertyHive. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.