163 matches found
CVE-2026-57321
Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...
CVE-2026-57321
The CVE-2026-57321 entry concerns the WordPress H5P plugin versions up to 1.17.7, describing an Arbitrary File Deletion vulnerability. The connected documents confirm the affected product (H5P WordPress plugin) and the issue type (arbitrary file deletion) with a CVSS v3.1 base score of 7.1 (High)...
WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin H5P versions = 1.17.7...
CVE-2026-56006
Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...
CVE-2026-56006 WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...
EUVD-2026-39375
Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...
CVE-2026-56006
CVE-2026-56006 concerns the WordPress H5P plugin (versions
WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Koutrouss Naddara in WordPress Plugin H5P versions = 1.17.6...
CVE-2026-30875
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
EUVD-2026-12496
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
Chamilo LMS 代码注入漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.36 of Chamilo LMS, there was a code injection vulnerability. This vulnerability stemmed fr...
PT-2026-25799
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
WordPress H5P plugin missing authorization vulnerability
WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...
WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin H5P versions = 1.16.1...
CVE-2025-68505
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...
CVE-2025-68505
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...