Cross-Site Request Forgery in Hive Support Plugin for WordPress
CVE-2025-5019
5.4 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 6 June 2025
What is CVE-2025-5019?
The Hive Support plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the hs_update_ai_chat_settings() function. This flaw allows unauthenticated attackers to manipulate the plugin's AI/chat settings, including API keys, by tricking site administrators into issuing forged requests. This could lead to data leaks or to notifications being misdirected to unauthorized endpoints.
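The class of fix for a settings handler like this, shown as an added example that is not the Hive Support plugin's source: a handler with no nonce check beside one that verifies the nonce and the caller's capability before writing options. It assumes the handler is registered as an admin AJAX action; the action name, nonce action, field names and option keys are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. All example_* names, the nonce
// action and the option keys are hypothetical.
const EXAMPLE_NONCE_ACTION = 'example_ai_chat_settings';

// Weak pattern: nothing ties the request to a form the administrator opened,
// so a request sent by the admin's browser from another site is accepted.
function example_update_settings_unprotected() {
    $api_key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    update_option( 'example_ai_api_key', $api_key );
    wp_send_json_success();
}

// Hardened pattern: nonce first, capability second, input validation third.
function example_update_settings_protected() {
    // With $die = false this returns false on a missing or stale nonce.
    if ( ! check_ajax_referer( EXAMPLE_NONCE_ACTION, '_wpnonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or expired nonce.' ), 403 );
    }
    // A nonce proves intent, not privilege, so check the capability as well.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $api_key = sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) );
    $webhook = esc_url_raw( wp_unslash( $_POST['webhook_url'] ?? '' ) );

    // Refuse notification endpoints that are not HTTPS URLs.
    if ( '' !== $webhook && 'https' !== wp_parse_url( $webhook, PHP_URL_SCHEME ) ) {
        wp_send_json_error( array( 'message' => 'Webhook must use HTTPS.' ), 400 );
    }

    update_option( 'example_ai_api_key', $api_key );
    update_option( 'example_ai_webhook_url', $webhook );
    wp_send_json_success();
}
// Only the protected handler is registered.
add_action( 'wp_ajax_example_update_ai_chat_settings', 'example_update_settings_protected' );

// The settings form must embed the matching nonce for the check to pass.
function example_render_nonce_field() {
    wp_nonce_field( EXAMPLE_NONCE_ACTION, '_wpnonce' );
}
```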
Affected Version(s)
Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress * <= 1.2.4