Lucene search
K

8 matches found

OSV
OSV
added 2026/03/23 6:46 p.m.4 views

CVE-2026-33716 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An...

9.4CVSS5.9AI score0.00437EPSS
Exploits1References4
CVE
CVE
added 2026/03/23 6:46 p.m.19 views

CVE-2026-33716

WWBN AVideo v2/3 up to 26.0 (open source video platform) is affected by a flaw in the standalone live stream control endpoint plugin/Live/standAloneFiles/control.json.php. The user-supplied streamerURL can override token verification requests, enabling an attacker to redirect verification to a ma...

9.4CVSS5.8AI score0.00437EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/11/06 5:15 a.m.3 views

CVE-2025-11271

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...

5.3CVSS5.8AI score0.00269EPSS
Exploits0References4
NVD
NVD
added 2025/11/06 5:15 a.m.5 views

CVE-2025-11271

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...

5.3CVSS0.00269EPSS
Exploits0References4
CVE
CVE
added 2025/11/06 4:36 a.m.26 views

CVE-2025-11271

The CVE-2025-11271 entry concerns WordPress Easy Digital Downloads (EDD) plugin versions up to and including 3.5.2. The vulnerability is an order verification bypass: the POST parameter verification_override=1 causes the verification check to be skipped unconditionally, enabling an attacker to su...

5.3CVSS5.9AI score0.00269EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/06 4:36 a.m.4 views

CVE-2025-11271 Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...

5.3CVSS5.9AI score0.00269EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/06 4:36 a.m.7 views

CVE-2025-11271 Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation

The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verificationoverride=1. Because this value is...

5.3CVSS0.00269EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.10 views

PT-2025-45174

Name of the Vulnerable Software and Affected Versions Easy Digital Downloads versions up to and including 3.5.2 Description The Easy Digital Downloads plugin for WordPress has a flaw that allows manipulation of orders. This is due to a bypass in order verification, which occurs when the...

5.3CVSS6.3AI score0.00269EPSS
Exploits0References7
Rows per page
Query Builder