Description
Insertion of Sensitive Information Into Sent Data vulnerability in the Hive Support WordPress plugin (hive-support) allows Retrieve Embedded Sensitive Data. This issue affects Hive Support: from n/a through <= 1.2.6.
Published: 2025-04-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Hive Support WordPress plugin inserts sensitive information into data it sends, allowing an attacker to retrieve the sensitive data the plugin embeds. This flaw results in a confidentiality compromise, classified as CWE-201, enabling an unauthorized actor to access data that should remain private or restricted.

Affected Systems

WordPress sites that have the Hive Support plugin from Hive Support installed with a version equal to or older than 1.2.6 are impacted. Any instance of the plugin in these versions may expose sensitive information to external parties.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.5, indicating a high level of severity. The EPSS score is reported as less than 1%, implying the probability of exploitation is currently low but not zero, and the issue is not listed in CISA’s KEV catalog. The most likely attack vector is remote, through a web request to the plugin’s data handling endpoint, allowing an attacker to trigger the exposure of sensitive data without any further privileges. Prompt remediation is recommended given the confidentiality impact and the potential for exploitation where no other safeguards are in place.

Generated by OpenCVE AI on April 30, 2026 at 21:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Hive Support plugin to a version newer than 1.2.6.
  • If an upgrade cannot be performed immediately, disable the plugin or restrict its activation to trusted administrative accounts only.
  • Review the plugin’s configuration and any data payloads it sends to ensure no sensitive information is included or transmitted in clear text.



Advisories
Source: EUVD
ID: EUVD-2025-11714
Title: Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support allows Retrieve Embedded Sensitive Data. This issue affects Hive Support: from n/a through 1.2.2.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support allows Retrieve Embedded Sensitive Data. This issue affects Hive Support: from n/a through 1.2.2.
Values Added: Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support hive-support allows Retrieve Embedded Sensitive Data.This issue affects Hive Support: from n/a through <= 1.2.6.

Type: Title
Values Removed: WordPress Hive Support plugin <= 1.2.2 - Sensitive Data Exposure vulnerability
Values Added: WordPress Hive Support plugin <= 1.2.6 - Sensitive Data Exposure vulnerability

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Thu, 17 Apr 2025 19:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 17 Apr 2025 16:00:00 +0000

Type: Description
Values Added: Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support allows Retrieve Embedded Sensitive Data. This issue affects Hive Support: from n/a through 1.2.2.

Type: Title
Values Added: WordPress Hive Support plugin <= 1.2.2 - Sensitive Data Exposure vulnerability

Type: Weaknesses
Values Added: CWE-201

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:25.947Z

Reserved: 2025-04-09T11:20:51.368Z

Link: CVE-2025-32635

Vulnrichment

Updated: 2025-04-17T17:42:38.859Z

NVD

Status: Deferred

Published: 2025-04-17T16:15:48.003

Modified: 2026-04-23T15:29:15.253

Link: CVE-2025-32635

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T22:00:08Z

Weaknesses
  • CWE-201: Insertion of Sensitive Information Into Sent Data