CVE-2025-32242
Published 2025-04-10
CVE-2025-32242: Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Accessing Functionality Not Properly Constrained by ACLs. This issue…
Priority: P4 · 33 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS: 0.24% (14.4th percentile)
Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hive Support: from n/a through <= 1.2.5.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hive_support | hive_support | <= 1.2.5 | — |
GHSA
GHSA-3hw7-239v-hfv6: The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update
ghsa_unreviewed·2025-06-06
CVE-2025-5018 [HIGH] CWE-862 GHSA-3hw7-239v-hfv6: The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update
The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the site’s OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242.
GHSA
GHSA-5xfp-2339-j582: Missing Authorization vulnerability in Hive Support Hive Support allows Accessing Functionality Not Properly Constrained by ACLs
ghsa_unreviewed·2025-04-10
CVE-2025-32242 [MEDIUM] CWE-862 GHSA-5xfp-2339-j582: Missing Authorization vulnerability in Hive Support Hive Support allows Accessing Functionality Not Properly Constrained by ACLs
Missing Authorization vulnerability in Hive Support Hive Support allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hive Support: from n/a through 1.2.2.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-04-10