CVE-2025-5018: The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing cap
Summary
The Hive Support plugin for WordPress has a security flaw in versions up to 1.2.4 where two functions lack capability checks (security checks that verify user permissions). This allows attackers with basic Subscriber-level accounts to read and change the site's OpenAI API key, inspect data, and modify how the AI chatbot behaves.
Vulnerability Details
7.1 (high)
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-5018
First tracked: February 15, 2026 at 08:49 PM