AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints

Summary The AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php template was shipped without this guard. Every plugin that uses th...

CVE-2026-34732 AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...

WWBN AVideo 访问控制错误漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication for the list.json.php endpoint in the CreatePlugin template, which coul...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from three list.json.php endpoints in the Scheduler plugin, which lacked authentication checks. This allowe...