CVE-2026-34395 - Vulnerability Analysis
Medium | CVSS: 6.5 | Last Updated: April 1, 2026
WWBN AVideo - Broken Access Control
Published: March 31, 2026 | Updated: April 1, 2026 | PoC Available | Remote Exploitable
Overview
WWBN AVideo <= 26.0 contains a broken access control vulnerability caused by a missing admin check in the plugin/YPTWallet/view/users.json.php endpoint. Any authenticated user can access all users' personal and wallet information. Exploitation requires user authentication.
Severity & Score
Severity: Medium
CVSS Score: 6.5
Impact
Authenticated users can access all platform users' personal and wallet data, leading to significant information disclosure.
Mitigation
Update to the latest version when available, or implement an admin check on the endpoint.
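Until the fix is deployed, web server access logs can show which clients requested the affected endpoint and how much data they received. The following is an added example, not code from the AVideo project or from this advisory; it assumes logs in the common/combined access log format, and the sample lines and the `/avideo` install prefix are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint path from the advisory, lowercased for case-insensitive matching.
ENDPOINT = "/plugin/yptwallet/view/users.json.php"

# Assumption: common/combined log format (ip ident user [time] "request" status bytes ...).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Apr/2026:10:00:01 +0000] "GET /plugin/YPTWallet/view/users.json.php HTTP/1.1" 200 48213 "-" "client-a"',
    '198.51.100.7 - - [01/Apr/2026:10:00:05 +0000] "POST /plugin/YPTWallet/view/users.json.php?page=2 HTTP/1.1" 200 47990 "-" "client-a"',
    '192.0.2.10 - - [01/Apr/2026:10:01:00 +0000] "GET /avideo/plugin/YPTWallet/view/users.json.php HTTP/1.1" 403 153 "-" "client-b"',
    '192.0.2.11 - - [01/Apr/2026:10:02:00 +0000] "GET /view/img/logo.png HTTP/1.1" 200 1024 "-" "client-c"',
]

def normalize_path(target):
    """Drop the query string, URL-decode, collapse ./ and // segments, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(path).lower()

def audit(lines):
    """Return per-client counts of requests to the endpoint and bytes sent on 2xx replies."""
    report = {}
    for line in lines:
        m = LINE_RE.match(line)
        # endswith() also covers installs under a subdirectory.
        if not m or not normalize_path(m["target"]).endswith(ENDPOINT):
            continue
        entry = report.setdefault(
            m["ip"], {"hits": 0, "ok": 0, "bytes": 0, "first": m["time"]})
        entry["hits"] += 1
        entry["last"] = m["time"]
        if m["status"].startswith("2"):
            entry["ok"] += 1
            entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
    return report

if __name__ == "__main__":
    for ip, e in sorted(audit(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["bytes"]):
        print(f'{ip} hits={e["hits"]} ok={e["ok"]} bytes={e["bytes"]} {e["first"]} .. {e["last"]}')
```

Access logs do not record whether a session belonged to an administrator, so clients with successful responses need to be compared against known administrator activity.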
Details
- CVE ID: CVE-2026-34395
- Severity: Medium
- CVSS Score: 6.5
- Type: broken_access_control
- Status: confirmed
CWE
- CWE-862
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N