Description
Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support: from n/a through <= 1.2.5.
Published: 2025-04-10
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization check in the WordPress Hive Support plugin up to version 1.2.5 allows attackers to bypass intended access limitations, enabling unauthorized users to manipulate plugin functionality. This broken access control could expose sensitive data or affect configuration settings, and it aligns with CWE-862. Potential consequences include data disclosure, unauthorized modifications, or privilege escalation within the affected WordPress site.

Affected Systems

The vulnerability affects the Hive Support plugin distributed by the Hive Support vendor. All releases from the initial version through 1.2.5 are impacted, including installations deployed on WordPress websites that have not applied the latest release.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, and the EPSS score of less than 1% suggests a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Because the issue stems from missing authorization, an attacker could craft HTTP requests to the plugin’s endpoints or exploit misconfigured user roles without needing to compromise authentication. The risk remains while the plugin is publicly accessible. The low EPSS indicates few observed exploits, but site administrators should still treat it as a valid threat and address it promptly.

Generated by OpenCVE AI on April 30, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Hive Support plugin to a version that corrects the missing authorization check.
  • If an update is not available, disable or uninstall the Hive Support plugin until a fix is released.
  • Limit the plugin’s administrative functions to high‑privilege roles through WordPress role management, ensuring that regular users cannot invoke privileged actions.
  • Monitor the WordPress instance for anomalous activity related to the plugin’s capabilities and enforce logging for future incidents.

Advisories
Source: EUVD
ID: EUVD-2025-10450
Title: Missing Authorization vulnerability in Hive Support Hive Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support: from n/a through 1.2.2.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in Hive Support Hive Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support: from n/a through 1.2.2.
Values Added: Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support: from n/a through <= 1.2.5.

Type: Title
Values Removed: WordPress Hive Support plugin <= 1.2.2 - Broken Access Control vulnerability
Values Added: WordPress Hive Support plugin <= 1.2.5 - Broken Access Control vulnerability

References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 10 Apr 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 10 Apr 2025 08:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Hive Support Hive Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support: from n/a through 1.2.2.
Title WordPress Hive Support plugin <= 1.2.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:19.075Z

Reserved: 2025-04-04T10:01:35.761Z

Link: CVE-2025-32208

Vulnrichment

Updated: 2025-04-10T13:04:38.989Z

NVD

Status: Deferred

Published: 2025-04-10T08:15:17.813

Modified: 2026-04-23T15:28:45.507

Link: CVE-2025-32208

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T23:30:03Z

Weaknesses