Beta

Report

PropertyHive <= 1.4.14 is vulnerable to Cross-Site Scripting (XSS) vulnerability

Unauthenticated
Published
2018-02-04

The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.

CVE

https://www.cve.org/CVERecord?id=CVE-2018-6465

CVSS

Score:6.1

Severity:Medium

Version: 1.4.14

There is a patch available in v1.4.15 and we strongly recommend you update to this version as soon as possible.