CVE-2026-33294 | WWBN AVideo up to 25.x HTTP Request save.json.php url_get_contents server-side request forgery (GHSA-66cw-h2mj-j39p)

Inserito da Angelo Barbosa | Mar 22, 2026 | CVE

A vulnerability was found in WWBN AVideo up to 25.x and classified as critical. The affected element is the function url_get_contents of the file plugin/BulkEmbed/save.json.php of the component HTTP Request Handler. Executing a manipulation can lead to server-side request forgery.

This vulnerability appears as CVE-2026-33294. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-33294 | WWBN AVideo up to 25.x HTTP Request save.json.php url_get_contents server-side request forgery (GHSA-66cw-h2mj-j39p)

Post correlati

CVE-2023-6499 | lasTunes Plugin up to 3.6.1 on WordPress cross-site request forgery

CVE-2024-9987 | Artica Pandora FMS up to 777.2 agents_modules_csv filters sql injection

CVE-2025-5683 | Qt up to 6.2.x/6.5.9/6.8.4/6.9.0 ICNS Image File denial of service

CVE-2024-12694 | Google Chrome up to 131.0.6778.139 Compositing use after free (ID 368222)