Lucene search
+L

5 matches found

github
github
added 2026/04/01 9:6 p.m.5 views

AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug

Summary The StripeYPT plugin includes a test.php debug endpoint that is accessible to any logged-in user, not just administrators. This endpoint processes Stripe webhook-style payloads and triggers subscription operations, including cancellation. Due to a bug in the retrieveSubscriptions method...

6.5CVSS6AI score0.00281EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2026/03/31 8:53 p.m.2 views

CVE-2026-34737 AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin includes a test.php debug endpoint that is accessible to any logged-in user, not just administrators. This endpoint processes Stripe webhook-style payloads and triggers subscription operations, includin...

6.5CVSS6AI score0.00281EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/03/31 8:53 p.m.2 views

CVE-2026-34737

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin includes a test.php debug endpoint that is accessible to any logged-in user, not just administrators. This endpoint processes Stripe webhook-style payloads and triggers subscription operations, includin...

6.5CVSS6AI score0.00281EPSS
Exploits1References2Affected Software1
cve
cve
added 2026/03/31 8:53 p.m.15 views

CVE-2026-34737

CVE-2026-34737 affects WWBN AVideo (StripeYPT plugin) up to version 26.0. A debug endpoint test.php, intended for Stripe webhook-like payloads, is exposed to any authenticated user. The root cause is a bug in retrieveSubscriptions() that cancels subscriptions instead of merely retrieving them, al...

6.5CVSS6AI score0.00281EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2026/03/31 8:53 p.m.26 views

CVE-2026-34737 AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin includes a test.php debug endpoint that is accessible to any logged-in user, not just administrators. This endpoint processes Stripe webhook-style payloads and triggers subscription operations, includin...

6.5CVSS0.00281EPSS
Exploits1References1
Rows per page
Query Builder