Avideo
This hub aggregates every CVE we track for Avideo, a product in the web CMS plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 206
- Critical: 26
- High: 80
- In CISA KEV: 0
Severity distribution
MEDIUM 99, HIGH 80, CRITICAL 26, LOW 1
Monthly trend
Chart values in order, axis range 2024-07 to 2026-06: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0, 9, 0, 5, 80, 31, 21, 5
Latest CVEs
The 15 most recently published vulnerabilities affecting Avideo.
- CVE-2026-56347: AVideo TopMenu Plugin - Stored Cross-Site Scripting via Unescaped Menu Item Fields (6.1)
- CVE-2026-56346: AVideo - Unauthenticated PGP Message Decryption via decryptMessage.json.php Endpoint (6.5)
- CVE-2026-56345: AVideo - Arbitrary User Session Hijacking via Meet Plugin uploadRecordedVideo Endpoint (8.1)
- CVE-2026-56342: AVideo - Server-Side Request Forgery in Live/test.php via statsURL Parameter (6.8)
- CVE-2026-56341: AVideo - Unauthenticated Access to Payment Log DataTables Endpoints via list.json.php (7.5)
- CVE-2026-45580: WWBN AVideo Live: stored XSS via unescaped stream key in modeYoutubeLive.php class attribute (5.4)
- CVE-2026-45578: WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL (8.8)
- CVE-2026-45610: WWBN AVideo plugin/LoginControl/set.json.php: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA (5.7)
- CVE-2026-45619: AVideo CVE-2026-43884 incomplete fix - `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post (6.5)
- CVE-2026-45620: AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration (5.3)
- CVE-2026-45731: WWBN AVideo: Authenticated Arbitrary File Read in view/update.php (4.9)
- CVE-2026-46337: WWBN AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php` (5.3)
- CVE-2026-47694: WWBN AVideo: Stored XSS via unescaped Gallery category description (5.4)
- CVE-2026-47696: WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint (4.3)
- CVE-2026-43884: WWBN AVideo: SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL() (7.7)
Product normalization is registry-driven with AI assist and human review.