Vo Thi Ngoc Nhi

#14113of 53,635
19Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2025-24033
7.1
2025-06-06
WordPress · Hive Support · CVE-2025-5018
**Name of the Vulnerable Software and Affected Versions** Hive Support plugin for WordPress (affected versions not specified) **Description** The issue concerns unauthorized access and modification of data due to a missing capability check. This allows for an authentication bypass, enabling unauthorized modification of the API key. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-24034
5.4
2025-06-06
WordPress · Hive Support · CVE-2025-5019
**Name of the Vulnerable Software and Affected Versions** Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress versions 1.2.2 and earlier **Description** The issue is related to Cross-Site Request Forgery due to incomplete or incorrect nonce validation in the `hs update ai chat settings()` function. This allows unauthenticated attackers to reconfigure the plugin's AI/chat settings, including API keys, and potentially redirect notifications or leak data to attacker-controlled endpoints via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions 1.2.2 and earlier, as a temporary workaround, consider disabling the `hs update ai chat settings()` function until a patch is available. Restrict access to the plugin's AI/chat settings to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-15955
6.5
2025-04-10
Unknown · Notfound Site Notify · CVE-2025-32240
Name of the Vulnerable Software and Affected Versions: NotFound Site Notify versions n/d through 1.0 Description: The issue is related to a lack of authorization in NotFound Site Notify, which can be exploited due to incorrectly configured access control security levels. Recommendations: For versions n/d through 1.0, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.