Vulnerabilities and security researches forh5pxapikatchu h5pxapikatchu

Apr 02, 2025

CVE, Research URL: CVE-2025-30821
Home page URL: Security reports for SNORDIAN's H5PxAPIkatchu
Application: SNORDIAN's H5PxAPIkatchu
Date: Mar 27, 2025
Research Description: Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through 0.4.14.
Affected versions: max 0.4.15.
Status: vulnerable

Dec 11, 2025

CVE, Research URL: CVE-2025-12904
Home page URL: Security reports for SNORDIAN's H5PxAPIkatchu
Application: SNORDIAN's H5PxAPIkatchu
Date: Nov 14, 2025
Research Description: The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up to, and including, 0.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 0.4.18.
Status: vulnerable