5 matches found
CVE-2025-12904
The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insertdata' AJAX endpoint in all versions up to, and including, 0.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-12904 SNORDIAN's H5PxAPIkatchu <= 0.4.17 - Unauthenticated Stored Cross-Site Scripting via insert_data
The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insertdata' AJAX endpoint in all versions up to, and including, 0.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-12904 SNORDIAN's H5PxAPIkatchu <= 0.4.17 - Unauthenticated Stored Cross-Site Scripting via insert_data
The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insertdata' AJAX endpoint in all versions up to, and including, 0.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2025-46934
Name of the Vulnerable Software and Affected Versions SNORDIAN's H5PxAPIkatchu plugin for WordPress versions through 0.4.17 Description The software is susceptible to Stored Cross-Site Scripting through the insert data API endpoint. Insufficient input sanitization and output escaping allow...
CVE-2004-1097
Format string vulnerability in the cherokeeloggerncsawritestring function in Cherokee 0.4.17 and earlier, when authenticating via authpam, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via format string specifiers in the URL...