Hive Support – WordPress Help Desk < 1.1.7 – Missing Authorization | CVE 2025-22298 | Plugin Vulnerabilities

Description

The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Fixed in 1.1.7

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0a41d0b9-da73-4d7a-b46e-ee74f4d0897d

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Dhabaleshwar Das

Verified

No

WPVDB ID

452b9312-4680-424a-a536-5ceeef99605d

Timeline

Publicly Published

2025-01-06 (about 1 year ago)

Added

2025-01-15 (about 1 year ago)

Last Updated

2025-01-15 (about 1 year ago)

Other

Published

Title

Published

2025-11-28

Title

Gutenverse < 3.3.0 - Missing Authorization

Published

2026-05-07

Title

bunny.net – WordPress CDN Plugin < 2.3.7 - Missing Authorization

Published

2024-12-11

Title

Firebase OTP Authentication <= 1.0.1 - Missing Authorization to Privilege Escalation

Published

2025-09-03

Title

F4 Media Taxonomies < 1.1.5 - Missing Authorization

Published

2025-12-04

Title

Feedback Modal for Website <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' Parameter