cbcvebase.
CVE-2018-6465
published 2018-01-31

CVE-2018-6465: The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.

PriorityP426medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
1.65%
73.6th percentile
The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.

Affected

4 ranges
VendorProductVersion rangeFixed in
iscbind9>= 0 < 1:9.9.5.dfsg-3ubuntu0.191:9.9.5.dfsg-3ubuntu0.19
iscbind9>= 0 < 1:9.10.3.dfsg.P4-8ubuntu1.121:9.10.3.dfsg.P4-8ubuntu1.12
iscbind9>= 0 < 1:9.11.3+dfsg-1ubuntu1.51:9.11.3+dfsg-1ubuntu1.5
wp-property-hivepropertyhive< 1.4.151.4.15

CVSS provenance

nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.