CVE-2025-12904 | otacke SNORDIAN’s H5PxAPIkatchu Plugin up to 0.4.17 on WordPress AJAX Endpoint insert_data cross site scripting

A vulnerability classified as problematic has been found in otacke SNORDIAN’s H5PxAPIkatchu Plugin up to 0.4.17 on WordPress. Impacted is the function insert_data of the component AJAX Endpoint. This manipulation causes cross site scripting.

The identification of this vulnerability is CVE-2025-12904. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More