Hive Support WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Hive Support WordPress plugin, affecting versions through 1.2.2. The issue arises from inadequate nonce validation in the 'hs_update_ai_chat_settings' function: because the request is not tied to a valid nonce, an unauthenticated attacker can craft a request that changes the plugin's AI and chat settings, including API keys, provided the attacker can deceive a site administrator into initiating the action. Exploitation could redirect the plugin's data to attacker-controlled endpoints or otherwise leak it.
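To show the class of defect involved, here is an added illustration of a WordPress admin-ajax settings handler without a nonce check beside the same handler hardened with the checks WordPress core provides. This is example code written for this page, not Hive Support's code; the function, action and option names (prefixed `example_`) are assumed.

```php
<?php
// Added illustration, not the plugin's code. Option/action names are constructed.

// Vulnerable shape: trusts any POST that reaches admin-ajax.php while an
// administrator is logged in, so a cross-site form can drive it.
function example_update_ai_chat_settings_vulnerable() {
    update_option( 'example_ai_api_key', sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) ) );
    update_option( 'example_ai_endpoint', esc_url_raw( wp_unslash( $_POST['endpoint'] ?? '' ) ) );
    wp_send_json_success();
}

// Hardened shape: capability check plus a nonce bound to this action.
function example_update_ai_chat_settings() {
    // Only users who may manage options can change integration secrets.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // check_ajax_referer() terminates the request (HTTP 403) when the nonce is
    // missing or invalid. The nonce is tied to this action string, the logged-in
    // user and the session, so a form on another origin cannot forge it.
    check_ajax_referer( 'example_update_ai_chat_settings', 'nonce' );

    $api_key  = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    $endpoint = esc_url_raw( wp_unslash( $_POST['endpoint'] ?? '' ) );

    update_option( 'example_ai_api_key', $api_key );
    update_option( 'example_ai_endpoint', $endpoint );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_update_ai_chat_settings', 'example_update_ai_chat_settings' );

// The settings page must issue a matching nonce that its JavaScript sends
// back as the 'nonce' POST field; the script file itself is assumed.
function example_enqueue_settings_script() {
    wp_enqueue_script( 'example-settings', plugins_url( 'settings.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-settings', 'exampleSettings', array(
        'nonce'   => wp_create_nonce( 'example_update_ai_chat_settings' ),
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_settings_script' );
```

When auditing a plugin for this issue, look for `wp_ajax_*` or `admin_post_*` handlers that write options or secrets without a `check_ajax_referer()` / `wp_verify_nonce()` call and a `current_user_can()` check before the write.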

Impact

Exploitation of this vulnerability could result in unauthorized changes to the plugin's AI and chat settings, including API keys, and could allow the plugin's data to be sent to an attacker-controlled endpoint.

Remediation

No known patch is available. It is recommended to review the vulnerability details and to consider uninstalling the affected plugin until a fixed version is released.

Added: Jun 6, 2025, 7:28 AM
Updated: Jun 6, 2025, 7:28 AM

Vulnerability Rating

Custom Algorithm (score per category):

spread: 0.0
impact: 3.1
exploitability: 7.0
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.