Vulnerabilities and security researches forh5p h5p

Nov 10, 2025

CVE, Research URL: CVE-2025-62951
Home page URL: Security reports for Interactive Content – H5P
Application: Interactive Content – H5P
Date: Oct 27, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icc0rz Interactive Content – H5P h5p allows Stored XSS.This issue affects Interactive Content – H5P: from n/a through <= 1.16.0.
Affected versions: max 1.16.0.
Status: vulnerable

Jun 28, 2024

CVE, Research URL: CVE-2024-3111
Home page URL: Security reports for Interactive Content – H5P
Application: Interactive Content – H5P
Date: Jun 27, 2024
Research Description: The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues
Affected versions: max 1.15.8.
Status: vulnerable

Jun 06, 2024

PSC, Research URL: PSC-2024-81239
Home page URL: Security reports for Interactive Content – H5P
Application: Interactive Content – H5P
Date: Aug 05, 2025
Research Description: The “Interactive Content – H5P” plugin, version 1.15.8, has proudly achieved the Plugin Security Certification (PSC) from CleanTalk. This certification underscores the plugin’s dedication to providing a secure, reliable, and innovative solution for creating and managing interactive content on WordPress websites.
Affected versions: Min 1.15.8, max 1.15.8.
Status: SAFE & CERTIFIED