WordPress H5P plugin missing authorization vulnerability

WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...

WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin H5P versions = 1.16.1...

CVE-2025-68505

Summary: CVE-2025-68505 describes a missing/incorrect authorization vulnerability in the WordPress H5P plugin, allowing exploitation of misconfigured access control security levels in versions up to and including 1.16.1. Affected product/component: H5P plugin for WordPress (versions

CVE-2025-68505 WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...

CVE-2025-62951 WordPress H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through = 1.16.0...

WordPress H5P plugin < 1.15.8 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin H5P versions 1.15.8...

WordPress Interactive Content – H5P Plugin < 1.15.8 is vulnerable to Cross Site Scripting (XSS)

Software Interactive Content – H5P Type Plugin Vulnerable versions 1.15.8 Fixed in 1.15.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3111 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b51ad18a9f74 Credits Dmitrii Ignaty...

WordPress Plugin H5P Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

H5P < 1.15.8 - Contributor+ Stored XSS

Description The plugin does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues PoC 1. Upload an H5P archive containing a malicious SVG file w/an XSS 2. Example:...

PT-2022-5129 · H5P +3 · H5P +3

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue is related to the H5P plugin in the Moodle virtual learning environment, where the H5P activity attempts report does not filter by groups. This can reveal information to non-editin...