VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 18 known issues Latest disclosed Nov 24, 2025

Property Hive Vulnerabilities

Review known vulnerability records for the WordPress plugin Property Hive (`propertyhive`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-66088, CVE-2025-66087 and CVE-2025-58612, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
18
High or Critical
4
Patch Coverage
100%
Last Updated
Dec 20, 2025
Priority CVE Quick Links

Fast paths into Property Hive CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
17
CVE-2024-8490 High 2.0.20
CVE-2024-8490 Property Hive Cross-Site Request Forgery

PropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_details

CVE-2024-27985 High 2.0.10
CVE-2024-27985 Property Hive Vulnerability

PropertyHive <= 2.0.9 - Authenticated (Subscriber+) PHP Object Injection

CVE-2024-23513 High 2.0.6
CVE-2024-23513 Property Hive Vulnerability

PropertyHive <= 2.0.5 - Unauthenticated PHP Object Injection via propertyhive_currency

CVE-2025-58612 Medium 2.1.6
CVE-2025-58612 Property Hive Stored Cross-Site Scripting

PropertyHive <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-39577 Medium 2.1.3
CVE-2025-39577 Property Hive Stored Cross-Site Scripting

PropertyHive <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-35701 Medium 2.0.14
CVE-2024-35701 Property Hive Stored Cross-Site Scripting

PropertyHive <= 2.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-34381 Medium 2.0.11
CVE-2024-34381 Property Hive Stored Cross-Site Scripting

PropertyHive <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-12585 Medium 2.1.1
CVE-2024-12585 Property Hive Cross-Site Scripting

Property Hive <= 2.1.0 - Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Property Hive so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
18 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 3 high severity findings.
Recent CVEs
CVE-2025-66088, CVE-2025-66087 and CVE-2025-58612
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Property Hive

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-66088
CVE-2025-66088: PropertyHive <= 2.1.12 - Missing Authorization

The Property Hive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.12. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published
Nov 24, 2025
Patched Release
2.1.13
Affected Versions
Versions up to 2.1.12
Next Step
Update to 2.1.13 or newer if supported.
Open CVE-2025-66088 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-66087
CVE-2025-66087: PropertyHive <= 2.1.12 - Missing Authorization

The Property Hive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unau...

Published
Nov 24, 2025
Patched Release
2.1.13
Affected Versions
Versions up to 2.1.12
Next Step
Update to 2.1.13 or newer if supported.
Open CVE-2025-66087 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-58612
CVE-2025-58612: PropertyHive <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The PropertyHive plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to i...

Published
Sep 03, 2025
Patched Release
2.1.6
Affected Versions
Versions up to 2.1.5
Next Step
Update to 2.1.6 or newer if supported.
Open CVE-2025-58612 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-39577
CVE-2025-39577: PropertyHive <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The PropertyHive plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to i...

Published
Apr 16, 2025
Patched Release
2.1.3
Affected Versions
Versions up to 2.1.2
Next Step
Update to 2.1.3 or newer if supported.
Open CVE-2025-39577 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-12585
CVE-2024-12585: Property Hive <= 2.1.0 - Reflected Cross-Site Scripting

The Property Hive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ph_message' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to in...

Published
Dec 18, 2024
Patched Release
2.1.1
Affected Versions
Versions up to 2.1.0
Next Step
Update to 2.1.1 or newer if supported.
Open CVE-2024-12585 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-8490
CVE-2024-8490: PropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_details

The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edi...

Published
Sep 16, 2024
Patched Release
2.0.20
Affected Versions
Versions up to 2.0.19
Next Step
Update to 2.0.20 or newer if supported.
Open CVE-2024-8490 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-37204
CVE-2024-37204: PropertyHive <= 2.0.9 - Missing Authorization

The PropertyHive plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in versions up to, and including, 2.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

Published
Jun 20, 2024
Patched Release
2.0.10
Affected Versions
Versions up to 2.0.9
Next Step
Update to 2.0.10 or newer if supported.
Open CVE-2024-37204 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-35701
CVE-2024-35701: PropertyHive <= 2.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

The PropertyHive plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contrib...

Published
Jun 06, 2024
Patched Release
2.0.14
Affected Versions
Versions up to 2.0.13
Next Step
Update to 2.0.14 or newer if supported.
Open CVE-2024-35701 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-34381
CVE-2024-34381: PropertyHive <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

The PropertyHive plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

Published
May 03, 2024
Patched Release
2.0.11
Affected Versions
Versions up to 2.0.10
Next Step
Update to 2.0.11 or newer if supported.
Open CVE-2024-34381 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-3607
CVE-2024-3607: PropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and...

Published
Apr 24, 2024
Patched Release
2.0.13
Affected Versions
Versions up to 2.0.12
Next Step
Update to 2.0.13 or newer if supported.
Open CVE-2024-3607 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-29923
CVE-2024-29923: PropertyHive <= 2.0.8 - Reflected Cross-Site Scripting

The PropertyHive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

Published
Mar 25, 2024
Patched Release
2.0.9
Affected Versions
Versions up to 2.0.8
Next Step
Update to 2.0.9 or newer if supported.
Open CVE-2024-29923 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-27985
CVE-2024-27985: PropertyHive <= 2.0.9 - Authenticated (Subscriber+) PHP Object Injection

The PropertyHive plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.9 via deserialization of untrusted input through the 'body' parameter. This makes it possible for attackers, with subscriber-level access and above, to inject a P...

Published
Mar 13, 2024
Patched Release
2.0.10
Affected Versions
Versions up to 2.0.9
Next Step
Update to 2.0.10 or newer if supported.
Open CVE-2024-27985 Report Open CVE Reference