CVE-2026-43873 WWBN AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret $objClone-myKey, a constant md5$global'systemRootPath' . $global'salt' into the HTTP response body on every unauthenticated request. T...

PT-2022-25988 · WordPress · Media Library Assistant

Name of the Vulnerable Software and Affected Versions: Media Library Assistant plugin versions prior to 3.01 Description: The issue is related to an Unauthenticated Error Log Disclosure vulnerability. Recommendations: For Media Library Assistant plugin versions prior to 3.01, update to version 3....