
WWBN — Vulnerabilities & Security Advisories (186)

Browse all 186 CVE security advisories affecting WWBN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WWBN operates as a provider of web-based business solutions, primarily focusing on content management and e-commerce platforms that enable organizations to manage digital assets and online transactions. Historically, its software has been susceptible to a wide array of critical vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and outdated dependencies. These flaws have frequently allowed attackers to escalate privileges, execute arbitrary commands, or exfiltrate sensitive data. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) indicates persistent security challenges within the codebase, reflecting difficulties in maintaining rigorous patch management and secure coding practices over time. Consequently, organizations deploying WWBN solutions face significant risks if they do not implement robust network segmentation and timely updates to mitigate these known attack vectors.

Top products by WWBN: AVideo, AVideo-Encoder

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-45580 | WWBN AVideo Live: stored XSS via unescaped stream key in modeYoutubeLive.php class attribute — AVideo (CWE-79) | 5.4 | Medium | 2026-05-29 |
| CVE-2026-45578 | WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL — AVideo (CWE-78) | 8.8 | High | 2026-05-29 |
| CVE-2026-45610 | WWBN AVideo plugin/LoginControl/set.json.php: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA — AVideo (CWE-306) | 5.7 | Medium | 2026-05-29 |
| CVE-2026-45619 | AVideo CVE-2026-43884 incomplete fix - `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post — AVideo (CWE-367) | 6.5 | Medium | 2026-05-29 |
| CVE-2026-45620 | AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration — AVideo (CWE-204) | 5.3 | Medium | 2026-05-29 |
| CVE-2026-45731 | WWBN AVideo: Authenticated Arbitrary File Read in view/update.php — AVideo (CWE-22) | - | - | 2026-05-29 |
| CVE-2026-46337 | WWBN AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php` — AVideo (CWE-22) | - | - | 2026-05-29 |
| CVE-2026-47694 | WWBN AVideo: Stored XSS via unescaped Gallery category description — AVideo (CWE-79) | 5.4 | Medium | 2026-05-29 |
| CVE-2026-47696 | WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint — AVideo (CWE-345) | - | - | 2026-05-29 |
| CVE-2026-43885 | WWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization — AVideo (CWE-200) | - | - | 2026-05-11 |
| CVE-2026-43884 | WWBN AVideo: SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL() — AVideo (CWE-918) | 7.7 | High | 2026-05-11 |
| CVE-2026-43883 | WWBN AVideo: IDOR in PayPalYPT agreementCancel.json.php Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements — AVideo (CWE-639) | 4.2 | Medium | 2026-05-11 |
| CVE-2026-43882 | WWBN AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing — AVideo (CWE-93) | 4.3 | Medium | 2026-05-11 |
| CVE-2026-43881 | WWBN AVideo: Unauthenticated User Enumeration in `objects/users.json.php` via `isCompany` Parameter Flips `$ignoreAdmin = true` and Defeats Admin-Only Listing Guard — AVideo (CWE-306) | 5.3 | Medium | 2026-05-11 |
| CVE-2026-43880 | WWBN AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From Address — AVideo (CWE-940) | 5.3 | Medium | 2026-05-11 |
| CVE-2026-43879 | WWBN AVideo: Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass — AVideo (CWE-918) | 5.4 | Medium | 2026-05-11 |
| CVE-2026-43878 | WWBN AVideo: Reflected XSS in plugin/Meet/iframe.php via Unescaped `user`/`pass` Parameters Reflected into JavaScript String Literal — AVideo (CWE-79) | 6.1 | Medium | 2026-05-11 |
| CVE-2026-43877 | WWBN AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary Bytes — AVideo (CWE-352) | 5.4 | Medium | 2026-05-11 |
| CVE-2026-43876 | WWBN AVideo: HTML Injection in notifySubscribers.json.php Enables Platform-Branded Phishing Emails to Channel Subscribers — AVideo (CWE-79) | 6.4 | Medium | 2026-05-11 |
| CVE-2026-43875 | WWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account Takeover — AVideo (CWE-598) | 6.8 | Medium | 2026-05-11 |
| CVE-2026-43873 | WWBN AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server — AVideo (CWE-209) | 7.5 | High | 2026-05-11 |
| CVE-2026-43874 | WWBN AVideo: Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass — AVideo (CWE-94) | 7.2 | High | 2026-05-11 |
| CVE-2026-41304 | WWBN AVideo vulnerable to RCE caused by clonesite plugin — AVideo (CWE-77) | 8.8 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-41064 | AVideo has an incomplete fix for CVE-2026-33502 (Command Injection) — AVideo (CWE-78) | 9.3 | Critical | 2026-04-21 |
| CVE-2026-41063 | WWBN AVideo has incomplete fix for CVE-2026-33500 (XSS) — AVideo (CWE-79) | 5.4 | Medium | 2026-04-21 |
| CVE-2026-41062 | WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters — AVideo (CWE-22) | 6.5 | Medium | 2026-04-21 |
| CVE-2026-41061 | WWBN AVideo Vulnerable to stored XSS via Unanchored Duration Regex in Video Encoder Receiver — AVideo (CWE-79) | 5.4 | Medium | 2026-04-21 |
| CVE-2026-41060 | AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL — AVideo (CWE-918) | 7.7 | High | 2026-04-21 |
| CVE-2026-41058 | AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo — AVideo (CWE-22) | 8.1 | High | 2026-04-21 |
| CVE-2026-41057 | AVideo has CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) that Exposes Authenticated API Responses — AVideo (CWE-346) | 7.1 | High | 2026-04-21 |

This page lists every published CVE security advisory associated with WWBN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.