cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8490,https://securityvulnerability.io/vulnerability/CVE-2024-8490,Cross-Site Request Forgery Vulnerability in PropertyHive WordPress Plugin,"The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Propertyhive,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2024-09-17T08:15:00.000Z,0
CVE-2024-3607,https://securityvulnerability.io/vulnerability/CVE-2024-3607,Unauthorized Post Deletion Vulnerability in PropertyHive Plugin for WordPress,"The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts",Wordpress,Propertyhive,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-02T16:52:44.991Z,0
CVE-2018-6465,https://securityvulnerability.io/vulnerability/CVE-2018-6465,,The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.,Wordpress,Propertyhive,6.1,MEDIUM,0.0014400000218302011,false,,false,false,false,,false,false,2018-01-31T18:00:00.000Z,0