Vulnerabilities in WWBN
187 resultsCVE-2026-41057HIGHAVideo has CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) that Exposes Authenticated API ResponsesEPSS 0.1%CVE-2026-43877MEDIUMWWBN AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary BytesEPSS 0.1%CVE-2026-47696HIGHWWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpointEPSS 0.1%CVE-2026-40928MEDIUMAVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset DeletionEPSS 0.1%CVE-2026-40929MEDIUMWWBN AVideo's missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creatorsEPSS 0.1%CVE-2026-35180MEDIUMWWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File WriteEPSS 0.1%CVE-2026-45610MEDIUMWWBN AVideo plugin/LoginControl/set.json.php: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FAEPSS 0.1%