WP-Safety

Hive Support | AI-Powered Help Desk, Live Chat and Chatbot Security & Risk Analysis

wordpress.org/plugins/hive-support

The All-In-One Help Desk, Live Chat & AI Chat Bot Plugin for WordPress.

40 active installs v1.2.11 PHP 7.4+ WP 6.5+ Updated Mar 9, 2026
chatbotcustomer-supporthelpdesklive-chatticketing-system
66
C · Use Caution
CVEs total11
Unpatched1
Last CVEJun 5, 2025
Plugin page Download
Safety Verdict

Is Hive Support | AI-Powered Help Desk, Live Chat and Chatbot Safe to Use in 2026?

Use With Caution

Score 66/100

Hive Support | AI-Powered Help Desk, Live Chat and Chatbot has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

11 known CVEs 1 unpatched Last CVE: Jun 5, 2025Updated 2mo ago
Risk Assessment

The "hive-support" plugin v1.2.11 presents a significant security risk due to a large number of unprotected AJAX handlers and a history of numerous vulnerabilities, including a currently unpatched high-severity issue. While the plugin demonstrates good practices in using prepared statements for SQL queries and proper output escaping, the extensive attack surface without authorization checks is a major concern. The taint analysis shows flows with unsanitized paths, though no critical or high severity issues were found in this analysis, this pattern, coupled with past vulnerabilities like SQL injection and cross-site scripting, suggests a high likelihood of exploitable weaknesses. The presence of 11 known CVEs, with one still unpatched, and common vulnerability types like missing authorization and exposure of sensitive information, strongly indicates recurring security flaws in the plugin's development. Overall, while some code quality aspects are positive, the plugin's vulnerability history and the substantial number of unprotected entry points make it a high-risk component for any WordPress installation.

Key Concerns

  • Unprotected AJAX handlers
  • Currently unpatched CVE
  • High severity CVEs in history
  • Flows with unsanitized paths
  • Missing authorization vulnerability history
  • SQL Injection vulnerability history
  • Cross-site Scripting vulnerability history
Vulnerabilities
11 published

Hive Support | AI-Powered Help Desk, Live Chat and Chatbot Security Vulnerabilities

CVEs by Year

3 CVEs in 2024
2024
8 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

High
2
Medium
9

11 total CVEs

CVE-2025-5018high · 7.1Missing Authorization

Hive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox

Jun 5, 2025 Patched in 1.2.6 (50d)
CVE-2025-5019medium · 5.4Cross-Site Request Forgery (CSRF)

Hive Support <= 1.2.5 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function

Jun 5, 2025 Patched in 1.2.6 (50d)
CVE-2025-32666medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Hive Support <= 1.2.5 - Reflected Cross-Site Scripting

Apr 15, 2025 Patched in 1.2.6 (64d)
CVE-2025-32635medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Hive Support <= 1.2.6 - Unauthenticated Sensitive Information Exposure

Apr 15, 2025 Patched in 1.2.7 (102d)
CVE-2025-32214medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Hive Support <= 1.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Apr 8, 2025Unpatched
CVE-2025-32208medium · 4.3Missing Authorization

Hive Support <= 1.2.5 - Missing Authorization

Apr 7, 2025 Patched in 1.2.6 (72d)
CVE-2025-32242medium · 5.3Missing Authorization

Hive Support <= 1.2.5 - Missing Authorization

Apr 7, 2025 Patched in 1.2.6 (72d)
CVE-2025-22298medium · 4.3Missing Authorization

Hive Support – WordPress Help Desk <= 1.1.6 - Missing Authorization

Jan 6, 2025 Patched in 1.1.7 (10d)
CVE-2024-54321medium · 4.3Cross-Site Request Forgery (CSRF)

Hive Support – WordPress Help Desk <= 1.1.2 - Cross-Site Request Forgery

Dec 11, 2024 Patched in 1.1.3 (9d)
CVE-2024-54304medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Hive Support – WordPress Help Desk <= 1.1.2 - Authenticated (Subscriber+) SQL Injection

Dec 11, 2024 Patched in 1.1.3 (9d)
CVE-2024-52370high · 8.8Unrestricted Upload of File with Dangerous Type

Hive Support – WordPress Help Desk <= 1.1.1 - Authenticated (Subscriber+) Arbitrary File Upload

Nov 11, 2024 Patched in 1.1.2 (11d)
Version History

Hive Support | AI-Powered Help Desk, Live Chat and Chatbot Release Timeline

v1.2.11Current1 CVE
CVE-2025-32214
v1.2.101 CVE
CVE-2025-32214
v1.2.91 CVE
CVE-2025-32214
v1.2.81 CVE
CVE-2025-32214
v1.2.71 CVE
CVE-2025-32214
v1.2.62 CVEs
CVE-2025-32214 CVE-2025-32635
v1.2.57 CVEs
CVE-2025-32666 CVE-2025-5019 CVE-2025-32214 +4 more
v1.2.07 CVEs
CVE-2025-32666 CVE-2025-5019 CVE-2025-32214 +4 more
v1.1.97 CVEs
CVE-2025-32666 CVE-2025-5019 CVE-2025-32214 +4 more
v1.1.87 CVEs
CVE-2025-32666 CVE-2025-5019 CVE-2025-32214 +4 more
v1.1.77 CVEs
CVE-2025-32666 CVE-2025-5019 CVE-2025-32214 +4 more
v1.1.111 CVEs
CVE-2025-22298 CVE-2025-32666 CVE-2024-54321 +8 more
v1.1.011 CVEs
CVE-2025-22298 CVE-2025-32666 CVE-2024-54321 +8 more
v1.0.911 CVEs
CVE-2025-22298 CVE-2025-32666 CVE-2024-54321 +8 more
v1.0.011 CVEs
CVE-2025-22298 CVE-2025-32666 CVE-2024-54321 +8 more
Code Analysis
Analyzed Mar 16, 2026

Hive Support | AI-Powered Help Desk, Live Chat and Chatbot Code Analysis

Dangerous Functions
0
Raw SQL Queries
27
97 prepared
Unescaped Output
44
463 escaped
Nonce Checks
33
Capability Checks
32
File Operations
1
External Requests
3
Bundled Libraries
0

SQL Query Safety

78% prepared124 total queries

Output Escaping

91% escaped507 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

11 flows8 with unsanitized paths
ip_info (includes\HiveSupportUtils.php:388)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
37 unprotected

Hive Support | AI-Powered Help Desk, Live Chat and Chatbot Attack Surface

Entry Points45
Unprotected37

AJAX Handlers 43

authwp_ajax_hs_get_woo_orders_by_user_idbackend\class-hive-support-ajax.php:55
authwp_ajax_hs_get_edd_orders_by_user_idbackend\class-hive-support-ajax.php:56
authwp_ajax_hive_lite_support_add_agentbackend\class-hive-support-ajax.php:59
authwp_ajax_hive_lite_support_update_agentbackend\class-hive-support-ajax.php:60
authwp_ajax_hive_lite_support_delete_agentbackend\class-hive-support-ajax.php:61
authwp_ajax_hive_lite_support_get_mailboxesbackend\class-hive-support-ajax.php:63
authwp_ajax_hive_lite_support_get_ticketfieldsbackend\class-hive-support-ajax.php:64
authwp_ajax_hive_lite_support_get_ticketfields_frontendbackend\class-hive-support-ajax.php:66
authwp_ajax_add_ticket_from_customer_panelbackend\class-hive-support-ajax.php:68
authwp_ajax_get_tickets_by_mailbox_frontendbackend\class-hive-support-ajax.php:69
authwp_ajax_hive_lite_support_get_ticket_replies_frontendbackend\class-hive-support-ajax.php:71
authwp_ajax_hive_lite_support_add_replay_from_frontendbackend\class-hive-support-ajax.php:73
authwp_ajax_hive_lite_support_add_replay_from_backendbackend\class-hive-support-ajax.php:74
authwp_ajax_hive_lite_support_delete_ticketsbackend\class-hive-support-ajax.php:76
authwp_ajax_hive_lite_support_close_ticketsbackend\class-hive-support-ajax.php:77
authwp_ajax_hive_lite_support_change_statusbackend\class-hive-support-ajax.php:79
authwp_ajax_hive_lite_support_change_assigneebackend\class-hive-support-ajax.php:80
authwp_ajax_hive_lite_support_change_prioritybackend\class-hive-support-ajax.php:82
authwp_ajax_hive_lite_support_fetch_reportsbackend\class-hive-support-ajax.php:83
authwp_ajax_hive_lite_support_get_all_binboxbackend\class-hive-support-ajax.php:84
authwp_ajax_hive_lite_support_get_all_stuffsbackend\class-hive-support-ajax.php:85
authwp_ajax_hive_lite_support_add_binboxbackend\class-hive-support-ajax.php:87
authwp_ajax_hive_lite_support_update_binboxbackend\class-hive-support-ajax.php:88
authwp_ajax_hive_lite_support_delete_binboxbackend\class-hive-support-ajax.php:89
authwp_ajax_hive_lite_support_get_all_email_templatesbackend\class-hive-support-ajax.php:91
authwp_ajax_hive_lite_support_update_email_templatesbackend\class-hive-support-ajax.php:92
authwp_ajax_hive_lite_support_delete_ticket_replaybackend\class-hive-support-ajax.php:93
authwp_ajax_hive_lite_support_backend_get_activitiesbackend\class-hive-support-ajax.php:94
authwp_ajax_hive_lite_support_backend_fetch_activities_by_ticketidbackend\class-hive-support-ajax.php:96
authwp_ajax_hive_lite_support_set_seen_statusbackend\class-hive-support-ajax.php:97
authwp_ajax_hive_lite_support_set_default_binboxbackend\class-hive-support-ajax.php:99
authwp_ajax_hs_update_global_settingsbackend\class-hive-support-ajax.php:100
authwp_ajax_hs_ai_chat_send_messagebackend\class-hive-support-chat-ajax.php:58
noprivwp_ajax_hs_ai_chat_send_messagebackend\class-hive-support-chat-ajax.php:59
authwp_ajax_hs_update_ai_chat_settingsbackend\class-hive-support-chat-ajax.php:60
authwp_ajax_hs_update_home_tab_settingsbackend\class-hive-support-chat-ajax.php:61
authwp_ajax_hive_lite_support_set_customer_seen_statusfrontend\class-hive-support-ajax.php:38
noprivwp_ajax_hive_lite_support_get_wp_login_formfrontend\class-hive-support-ajax.php:40
noprivwp_ajax_hive_lite_support_lost_passwordfrontend\class-hive-support-ajax.php:41
noprivwp_ajax_hive_lite_support_user_registrationfrontend\class-hive-support-ajax.php:42
authwp_ajax_hive_lite_support_mailbox_setup_wizardincludes\HiveSupportSetupWizard.php:14
authwp_ajax_hive_lite_support_mailbox_setup_wizard_skipincludes\HiveSupportSetupWizard.php:15
authwp_ajax_hive_lite_support_get_support_pageurlincludes\HiveSupportSetupWizard.php:16

Shortcodes 2

[hive-support] frontend\class-hive-support-shortcode.php:21
[hive_customer_portal] frontend\class-hive-support-shortcode.php:22
WordPress Hooks 35
actionswitch_themeappsero\src\Insights.php:140
actionswitch_themeappsero\src\Insights.php:141
actionadmin_footerappsero\src\Insights.php:158
actionadmin_noticesappsero\src\Insights.php:175
actionadmin_initappsero\src\Insights.php:178
filtercron_schedulesappsero\src\Insights.php:184
actionadmin_menuappsero\src\License.php:219
actionafter_switch_themeappsero\src\License.php:781
actionswitch_themeappsero\src\License.php:782
actionadmin_menubackend\class-hive-support-admin.php:21
actionadmin_enqueue_scriptsbackend\class-hive-support-admin.php:24
actionrest_api_initbackend\class-hive-support-rest-api.php:19
actionwp_enqueue_scriptsfrontend\class-hive-support-client.php:24
filterwoocommerce_account_menu_itemsfrontend\class-hive-support-client.php:28
actioninitfrontend\class-hive-support-client.php:29
actionwoocommerce_account_hive-support_endpointfrontend\class-hive-support-client.php:30
actionwp_enqueue_scriptsfrontend\class-hive-support-client.php:34
actionwp_footerfrontend\class-hive-support-client.php:35
actionadmin_inithive-support.php:65
actionadmin_noticeshive-support.php:95
actioninithive-support.php:118
actionhive_support_inithive-support.php:169
actionadmin_inithive-support.php:173
filterthe_contenthive-support.php:178
actionhs_ticket_createdincludes\HiveSupportAIChatBot.php:152
actionhs_ticket_closedincludes\HiveSupportAIChatBot.php:154
actionhs_customer_response_addedincludes\HiveSupportAIChatBot.php:156
actioninitincludes\HiveSupportAIChatBot.php:165
actionhs_ticket_assignedincludes\HiveSupportSendEmails.php:27
actionhs_ticket_created_by_customerincludes\HiveSupportSendEmails.php:30
actionhs_ticket_cresponse_addedincludes\HiveSupportSendEmails.php:34
actionhs_ticket_created_by_agentincludes\HiveSupportSendEmails.php:37
actionhs_ticket_closed_by_customerincludes\HiveSupportSendEmails.php:40
actionhs_ticket_aresponse_addedincludes\HiveSupportSendEmails.php:43
actioninitincludes\HiveSupportSendEmails.php:833
Maintenance & Trust

Hive Support | AI-Powered Help Desk, Live Chat and Chatbot Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 9, 2026
PHP min version7.4
Downloads10K

Community Trust

Rating100/100
Number of ratings2
Active installs40
Alternatives

Hive Support | AI-Powered Help Desk, Live Chat and Chatbot Alternatives

REVE Chat – AI Chatbot, Live Chat, Helpdesk, Campaigns & More

REVE Chat – AI Chatbot, Live Chat, Helpdesk, Campaigns & More

revechat

B
79

A free all-in-one customer service and lead generation platform capable of engaging, retaining, and converting customers.

100 1 unpatched
Paldesk – Live Chat & Helpdesk

Paldesk – Live Chat & Helpdesk

paldesk-live-chat-helpdesk

A
85

Powerful live chat & helpdesk plugin made for your WordPress website. Convert leads to sales & help customers in real time - it's free!

30 No CVEs
Chatmoat AI Chatbot

Chatmoat AI Chatbot

chatmoat-ai-chatbot

A
100

Chatmoat AI Chatbot that instantly helps visitors with AI-generated answers. Get 24/7 support and happier visitors. Add a custom GPT to your website.

0 No CVEs
Ensoras – AI Customer Support & Live Chat Helpdesk for WooCommerce

Ensoras – AI Customer Support & Live Chat Helpdesk for WooCommerce

ensoras-ai-chat

A
100

AI live chat and helpdesk for WooCommerce. Answers customer questions automatically using your real store data. Free plan included.

0 No CVEs
Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons

Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons

chatway-live-chat

A
100

AI chatbot agent & live chat for customer support, FAQ, chat buttons including WhatsApp with Chatway live chat. iOS & Android apps available 💬

30K No CVEs
Developer Profile

Hive Support | AI-Powered Help Desk, Live Chat and Chatbot Developer Profile

Hive Support

1 plugin · 40 total installs

64
trust score
Avg Security Score
66/100
Avg Patch Time
45 days
View full developer profile
Detection Fingerprints

How We Detect Hive Support | AI-Powered Help Desk, Live Chat and Chatbot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hive-support/assets/css/hive-support-frontend.css/wp-content/plugins/hive-support/assets/css/hive-support-admin.css/wp-content/plugins/hive-support/assets/js/hive-support-frontend.js/wp-content/plugins/hive-support/assets/js/hive-support-admin.js/wp-content/plugins/hive-support/assets/js/chat.js/wp-content/plugins/hive-support/assets/js/chatbot.js
Script Paths
/wp-content/plugins/hive-support/assets/js/hive-support-frontend.js/wp-content/plugins/hive-support/assets/js/hive-support-admin.js/wp-content/plugins/hive-support/assets/js/chat.js/wp-content/plugins/hive-support/assets/js/chatbot.js
Version Parameters
hive-support/assets/css/hive-support-frontend.css?ver=hive-support/assets/css/hive-support-admin.css?ver=hive-support/assets/js/hive-support-frontend.js?ver=hive-support/assets/js/hive-support-admin.js?ver=hive-support/assets/js/chat.js?ver=hive-support/assets/js/chatbot.js?ver=

HTML / DOM Fingerprints

CSS Classes
hs-chat-widgeths-chat-iconhs-chatbot-bubblehs-support-ticket-formhive-support-dashboard-wraphive-support-widget-button
Data Attributes
data-hs-chat-iddata-hs-chatbot-iddata-hs-widget-id
JS Globals
HiveSupportFrontendHiveSupportChatHiveSupportChatboths_chat_settingshs_chatbot_settings
REST Endpoints
/wp-json/hive-support/v1/chat/wp-json/hive-support/v1/chatbot/wp-json/hive-support/v1/tickets
Shortcode Output
[hive_customer_portal][hive_chat_widget][hive_chatbot]
FAQ

Frequently Asked Questions about Hive Support | AI-Powered Help Desk, Live Chat and Chatbot