Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WWBN — Vulnerabilities & Security Advisories 177

Browse all 177 CVE security advisories affecting WWBN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WWBN operates as a provider of web-based business solutions, primarily focusing on content management and e-commerce platforms that enable organizations to manage digital assets and online transactions. Historically, its software has been susceptible to a wide array of critical vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and outdated dependencies. These flaws have frequently allowed attackers to escalate privileges, execute arbitrary commands, or exfiltrate sensitive data. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) indicates persistent security challenges within the codebase, reflecting difficulties in maintaining rigorous patch management and secure coding practices over time. Consequently, organizations deploying WWBN solutions face significant risks if they do not implement robust network segmentation and timely updates to mitigate these known attack vectors.

Top products by WWBN: AVideo AVideo-Encoder
CVE IDTitleCVSSSeverityPublished
CVE-2026-43885 WWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization — AVideoCWE-200--2026-05-11
CVE-2026-43884 WWBN AVideo: SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL() — AVideoCWE-918 7.7 High2026-05-11
CVE-2026-43883 WWBN AVideo: IDOR in PayPalYPT agreementCancel.json.php Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements — AVideoCWE-639 4.2 Medium2026-05-11
CVE-2026-43882 WWBN AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing — AVideoCWE-93 4.3 Medium2026-05-11
CVE-2026-43881 WWBN AVideo: Unauthenticated User Enumeration in `objects/users.json.php` via `isCompany` Parameter Flips `$ignoreAdmin = true` and Defeats Admin-Only Listing Guard — AVideoCWE-306 5.3 Medium2026-05-11
CVE-2026-43880 WWBN AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From Address — AVideoCWE-940 5.3 Medium2026-05-11
CVE-2026-43879 WWBN AVideo: Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass — AVideoCWE-918 5.4 Medium2026-05-11
CVE-2026-43878 WWBN AVideo: Reflected XSS in plugin/Meet/iframe.php via Unescaped `user`/`pass` Parameters Reflected into JavaScript String Literal — AVideoCWE-79 6.1 Medium2026-05-11
CVE-2026-43877 WWBN AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary Bytes — AVideoCWE-352 5.4 Medium2026-05-11
CVE-2026-43876 WWBN AVideo: HTML Injection in notifySubscribers.json.php Enables Platform-Branded Phishing Emails to Channel Subscribers — AVideoCWE-79 6.4 Medium2026-05-11
CVE-2026-43875 WWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account Takeover — AVideoCWE-598 6.8 Medium2026-05-11
CVE-2026-43873 WWBN AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server — AVideoCWE-209 7.5 High2026-05-11
CVE-2026-43874 WWBN AVideo: Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass — AVideoCWE-94 7.2 High2026-05-11
CVE-2026-41304 WWBN AVideo vulnerable to RCE caused by clonesite plugin — AVideoCWE-77 8.8AIHighAI2026-04-21
CVE-2026-41064 AVideo has an incomplete fix for CVE-2026-33502 (Command Injection) — AVideoCWE-78 9.3 Critical2026-04-21
CVE-2026-41063 WWBN AVideo has incomplete fix for CVE-2026-33500 (XSS) — AVideoCWE-79 5.4 Medium2026-04-21
CVE-2026-41062 WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters — AVideoCWE-22 6.5 Medium2026-04-21
CVE-2026-41061 WWBN AVideo Vulnerable to stored XSS via Unanchored Duration Regex in Video Encoder Receiver — AVideoCWE-79 5.4 Medium2026-04-21
CVE-2026-41060 AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL — AVideoCWE-918 7.7 High2026-04-21
CVE-2026-41058 AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo — AVideoCWE-22 8.1 High2026-04-21
CVE-2026-41057 AVideo has CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) that Exposes Authenticated API Responses — AVideoCWE-346 7.1 High2026-04-21
CVE-2026-41056 AVideos has CORS Origin Reflection with Credentials on Sensitive API Endpoints that Enables Cross-Origin Account Takeover — AVideoCWE-942 8.1 High2026-04-21
CVE-2026-41055 AVideo has an incomplete fix for CVE-2026-33039 (SSRF) — AVideoCWE-918 8.6 High2026-04-21
CVE-2026-40935 WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure — AVideoCWE-804 5.3 Medium2026-04-21
CVE-2026-40929 WWBN AVideo's missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators — AVideoCWE-352 5.4 Medium2026-04-21
CVE-2026-40928 AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion — AVideoCWE-352 5.4 Medium2026-04-21
CVE-2026-40926 WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script) — AVideoCWE-352 7.1 High2026-04-21
CVE-2026-40925 WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials — AVideoCWE-352 8.3 High2026-04-21
CVE-2026-40911 WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks — AVideoCWE-94 10.0 Critical2026-04-21
CVE-2026-40909 WWBN AVideo has a Path Traversal in Locale Save Endpoint that Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE) — AVideoCWE-22 8.7 High2026-04-21

This page lists every published CVE security advisory associated with WWBN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.