WWBN — Vulnerabilities & Security Advisories 164

Browse all 164 CVE security advisories affecting WWBN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WWBN operates as a provider of web-based business solutions, primarily focusing on content management and e-commerce platforms that enable organizations to manage digital assets and online transactions. Historically, its software has been susceptible to a wide array of critical vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and outdated dependencies. These flaws have frequently allowed attackers to escalate privileges, execute arbitrary commands, or exfiltrate sensitive data. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) indicates persistent security challenges within the codebase, reflecting difficulties in maintaining rigorous patch management and secure coding practices over time. Consequently, organizations deploying WWBN solutions face significant risks if they do not implement robust network segmentation and timely updates to mitigate these known attack vectors.

Top products by WWBN: AVideo, AVideo-Encoder

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35179 | WWBN AVideo Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php | AVideo | CWE-862 | 5.3 | Medium | 2026-04-06 |
| CVE-2026-34740 | AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation | AVideo | CWE-918 | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34739 | AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php | AVideo | CWE-79 | 6.1 | Medium | 2026-03-31 |
| CVE-2026-34738 | AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter | AVideo | CWE-285 | 4.3 | Medium | 2026-03-31 |
| CVE-2026-34737 | AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug | AVideo | CWE-862 | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34733 | AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard | AVideo | CWE-284 | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34732 | AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints | AVideo | CWE-306 | 5.3 | Medium | 2026-03-31 |
| CVE-2026-34731 | AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php | AVideo | CWE-306 | 7.5 | High | 2026-03-31 |
| CVE-2026-34716 | AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification | AVideo | CWE-79 | 6.4 | Medium | 2026-03-31 |
| CVE-2026-34613 | AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins | AVideo | CWE-352 | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34611 | AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users | AVideo | CWE-352 | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34396 | AVideo: Stored XSS via Unescaped Plugin Configuration Values in Admin Panel | AVideo | CWE-79 | 6.1 | Medium | 2026-03-31 |
| CVE-2026-34394 | AVideo: CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking | AVideo | CWE-352 | 8.1 | High | 2026-03-31 |
| CVE-2026-34395 | AVideo: Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php | AVideo | CWE-862 | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34375 | AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page | AVideo | CWE-79 | 8.2 | High | 2026-03-27 |
| CVE-2026-34374 | AVideo has SQL Injection in Live_schedule::keyExists() via Unparameterized Stream Key | AVideo | CWE-89 | 9.1 | Critical | 2026-03-27 |
| CVE-2026-34369 | AVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification | AVideo | CWE-862 | 5.3 | Medium | 2026-03-27 |
| CVE-2026-34368 | AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance | AVideo | CWE-362 | 5.3 | Medium | 2026-03-27 |
| CVE-2026-34364 | AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php | AVideo | CWE-863 | 5.3 | Medium | 2026-03-27 |
| CVE-2026-34362 | AVideo's WebSocket Token Never Expires Due to Commented-Out Timeout Validation in verifyTokenSocket() | AVideo | CWE-613 | 5.4 | Medium | 2026-03-27 |
| CVE-2026-34247 | AVideo's IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False Socket Notifications | AVideo | CWE-862 | 5.4 | Medium | 2026-03-27 |
| CVE-2026-34245 | AVideo's Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking | AVideo | CWE-862 | 6.3 | Medium | 2026-03-27 |
| CVE-2026-33867 | AVideo has Plaintext Video Password Storage | AVideo | CWE-312 | 8.1 | - | 2026-03-27 |
| CVE-2026-33770 | AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables | AVideo | CWE-89 | 9.8 | - | 2026-03-27 |
| CVE-2026-33767 | AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query | AVideo | CWE-89 | 9.8 | - | 2026-03-27 |
| CVE-2026-33766 | AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints | AVideo | CWE-918 | 8.2 | - | 2026-03-27 |
| CVE-2026-33764 | AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions | AVideo | CWE-639 | 4.3 | Medium | 2026-03-27 |
| CVE-2026-33763 | AVideo has an Unauthenticated Video Password Brute-Force Vulnerability via Unrate-Limited Boolean Oracle | AVideo | CWE-307 | 5.3 | Medium | 2026-03-27 |
| CVE-2026-33761 | AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings | AVideo | CWE-862 | 5.3 | Medium | 2026-03-27 |
| CVE-2026-33759 | AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents | AVideo | CWE-862 | 5.3 | Medium | 2026-03-27 |

This page lists every published CVE security advisory associated with WWBN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.