wwbn

207 tracked vulnerabilities.

CVE-2025-50128 CRITICAL
WWBN AVideo 14.4 and dev master - Stored Cross-Site Scripting via videoNotFound 404ErrorMsg Parameter
Jul 24, 2025
CVSS 9.6
EPSS 0.01
CVE-2025-48732 HIGH
WWBN AVideo 14.4 and dev master - Remote Code Execution via .phar File Request
Jul 24, 2025
CVSS 7.3
EPSS 0.01
CVE-2025-46410 CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via managerPlaylists PlaylistOwnerUsersId Parameter
Jul 24, 2025
CVSS 9.6
EPSS 0.01
CVE-2025-41420 CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via UserLogin cancelUri Parameter
Jul 24, 2025
CVSS 9.6
EPSS 0.01
CVE-2025-36548 HIGH
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via LoginWordPress cancelUri Parameter
Jul 24, 2025
CVSS 8.3
EPSS 0.01
CVE-2025-25214 HIGH
WWBN AVideo 14.4 RCE via Race Condition in aVideoEncoder.json.php Unzip
Jul 24, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-34899 MEDIUM
WWBN AVideo 12.4 - Cross-Site Scripting
May 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-31819 CRITICAL
WWBN AVideo 12.4-14.2 - Remote Code Execution via systemRootPath Parameter
Apr 10, 2024
CVSS 9.8
EPSS 0.16
CVE-2023-50172 MEDIUM
WWBN AVideo - Recovery Notification Bypass via Captcha Validation
Jan 10, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-49864 MEDIUM
WWBN AVideo - Arbitrary File Read via aVideoEncoderReceiveImage.json.php downloadURL_image Parameter
Jan 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-49863 MEDIUM
WWBN AVideo - Arbitrary File Read via aVideoEncoderReceiveImage.json.php downloadURL_webpimage Parameter
Jan 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-49862 MEDIUM
WWBN AVideo - Arbitrary File Read via aVideoEncoderReceiveImage.json.php downloadURL_gifimage Parameter
Jan 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-49810 HIGH
WWBN AVideo - Login Attempt Restriction Bypass via Captcha Bypass
Jan 10, 2024
CVSS 7.3
EPSS 0.01
CVE-2023-49738 HIGH
WWBN AVideo - Arbitrary File Read via image404Raw.php
Jan 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-49715 MEDIUM
WWBN AVideo - Unrestricted PHP File Upload via import.json.php Temporary Copy
Jan 10, 2024
CVSS 4.3
EPSS 0.01
CVE-2023-49599 CRITICAL
WWBN AVideo - Insufficient Entropy in Salt Generation
Jan 10, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-49589 HIGH
WWBN AVideo - Weak Password Recovery Mechanism in userRecoverPass.php
Jan 10, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-48730 HIGH
WWBN AVideo - Stored Cross-Site Scripting in Navbar Menu User Name
Jan 10, 2024
CVSS 8.5
EPSS 0.01
CVE-2023-48728 CRITICAL NUCLEI
WWBN AVideo 11.6 and dev master commit 3c6bb3ff - Cross-Site Scripting via getOpenGraph videoName Function
Jan 10, 2024
CVSS 9.6
EPSS 0.02
CVE-2023-47862 CRITICAL
WWBN AVideo - Local File Inclusion and Remote Code Execution via getLanguageFromBrowser
Jan 10, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-47861 CRITICAL
WWBN AVideo 11.6 and dev master commit 15fed957fb - Cross-Site Scripting in channelBody.php User Name
Jan 10, 2024
CVSS 9.0
EPSS 0.01
CVE-2023-47171 MEDIUM
WWBN AVideo 11.6 and dev master commit 15fed957fb - Arbitrary File Read via aVideoEncoder.json.php chunkFile Path
Jan 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-32073 HIGH
WWBN AVideo < 12.4 - Remote Code Execution via CloneSite Plugin
May 12, 2023
CVSS 8.8
EPSS 0.06
CVE-2023-30860 HIGH
WWBN AVideo < 12.4 - Stored Cross-Site Scripting via Meeting Room Creation
May 08, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-30854 HIGH
AVideo < 12.4 - Authenticated Remote Code Execution via CloneSite Plugin Endpoint
Apr 28, 2023
CVSS 8.8
EPSS 0.05