21 matches found
MAL-2026-4323 Malicious code in nba-cdn-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6472220c5bb80d934ccb360b63359201b4f8e203bc8c173b27cd4181c15964b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nba-cdn-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6472220c5bb80d934ccb360b63359201b4f8e203bc8c173b27cd4181c15964b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview nba-cdn-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-33295
WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...
AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment
Summary The CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured the default state, the key validation check is completely bypassed, allowin...
GHSA-R64R-883R-WCWH AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment
Summary The CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured the default state, the key validation check is completely bypassed, allowin...
CVE-2026-33719
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured...
CVE-2026-33719 AVideo Vulnerable to Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment in status.json.php
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured...
CVE-2026-33719 AVideo Vulnerable to Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment in status.json.php
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured...
WWBN AVideo 访问控制错误漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an access control vulnerability. This vulnerability stemmed from the use of default empty keys for authentication at the status.json.php and disable.json.php...
CVE-2026-33295
WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...
CVE-2026-33295 AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php
WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...
CVE-2026-33295
WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any...
Cross-site Scripting (XSS)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the cleantitle field within the CDN plugin's download buttons component, where user-supplied input is directly interpolated into a...
CVE-2023-37889
Cross-Site Request Forgery CSRF vulnerability in WPAdmin WPAdmin AWS CDN plugin = 2.0.13 versions...
WordPress Staging CDN plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Staging CDN versions = 1.0.0...
CVE-2025-22326 WordPress 5centsCDN plugin <= 25.4.15 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 5centsCDN 5centsCDN 5centscdn allows Reflected XSS.This issue affects 5centsCDN: from n/a through = 25.4.15...
CVE-2025-22326
CVE-2025-22326 is a reflected cross-site scripting vulnerability in the 5centsCDN WordPress CDN Plugin. The entry lists affected software as 5centsCDN from n/a through version 24.8.16, with a CVSSv3.1 base score of 7.1 (HIGH) and network/low-attack-vector conditions; user interaction is required....
CVE-2023-37889
Cross-Site Request Forgery CSRF vulnerability in WPAdmin WPAdmin AWS CDN plugin = 2.0.13 versions...
CVE-2023-37889
CVE-2023-37889 concerns the WordPress plugin WPAdmin AWS CDN (versions