CVE-2026-33294 | WWBN AVideo up to 25.x HTTP Request save.json.php url_get_contents server-side request forgery (GHSA-66cw-h2mj-j39p)

A vulnerability was found in WWBN AVideo up to 25.x and classified as critical. The affected element is the function url_get_contents of the file plugin/BulkEmbed/save.json.php of the component HTTP Request Handler. Executing a manipulation can lead to server-side request forgery.

This vulnerability appears as CVE-2026-33294. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More